Question
Murex
LB
Last activity: 10 Jun 2022 6:02 EDT
Retrieve id token and access token from Open ID authentication
In our current application we are using SAML for sso we are trying to switch to OAuth OpenID.
Everything is done and the user can now authenticate with Azure and login to the system.
- Create New Auth Service
- Fill the needed end points
- Add the KeyStore and set the issuer
- Set the properties needed from the token for ID Token Processing
Output from the logs:
- Processing authorization code recieved from OIDC provider
- StateParam Validation is successful
- Fetching access token using authCode received
- Invoking access token endpoint: --> Request
- Response Details: access_token = ********* , scope = , id_token = , etc.
- Creating access token page for Client ID
- Successfully fetched access token and ID token using authCode
- Validating ID token received from access token end point
- JWT is signed
- Successfully validated ID token with standard claims
- Fetch Operator
- trying to fetch operator from DB
- Successfully established operator from received ID token claims
However we are trying to get the Access Token and the ID Token to use it for communication with other systems.
In the logs we managed to see the Token ID in the OIDCClientHandler logger, but the Access Token is shown as ***** when enabling the debug mode on client.oauth2.OAuth2ClientImpl.
In our current application we are using SAML for sso we are trying to switch to OAuth OpenID.
Everything is done and the user can now authenticate with Azure and login to the system.
- Create New Auth Service
- Fill the needed end points
- Add the KeyStore and set the issuer
- Set the properties needed from the token for ID Token Processing
Output from the logs:
- Processing authorization code recieved from OIDC provider
- StateParam Validation is successful
- Fetching access token using authCode received
- Invoking access token endpoint: --> Request
- Response Details: access_token = ********* , scope = , id_token = , etc.
- Creating access token page for Client ID
- Successfully fetched access token and ID token using authCode
- Validating ID token received from access token end point
- JWT is signed
- Successfully validated ID token with standard claims
- Fetch Operator
- trying to fetch operator from DB
- Successfully established operator from received ID token claims
However we are trying to get the Access Token and the ID Token to use it for communication with other systems.
In the logs we managed to see the Token ID in the OIDCClientHandler logger, but the Access Token is shown as ***** when enabling the debug mode on client.oauth2.OAuth2ClientImpl.
Nevertheless we couldn't find anything related to the retrieval of the Token from the Authentication service to the Clipboard.
Anyone have any input on how to get this token that was printed in the log?
Accepted Solution
Updated: 10 Jun 2022 4:23 EDT
Murex
LB
Hello @MUELM ,
You can check the instances of the class Data-Admin-Security-AccessTokenKeys to check the access token.
Another user @PavanKumarNaidu replied to me with the below and I quote:
"Please check this article : https://www.howtopega.info/2021/12/open-id-connect-sso-authentication-with.html which explains on the same OIDC concept.
Please check if your OIDC Provider uses this one NimbusOIDCClientHandler. In that case, you can enable debug logger on the same. Please refer to the above article (during the end of the video you would notice the ID token). Hope that helps."
Hope it helps.
Thanks,
Mohamad
WellsFargo
IN
@Mohamad Shokor Hi MOhamad, Did you get any solution for this ?
Pegasystems Inc.
US
@Mohamad Shokor Just a quick follow up - did you ever get a response or figure this out? I am in the same situation with PRPC 8.6 and I would like to use that access token as well. The log files in my case just state the application has successfully received the access token.
Accepted Solution
Updated: 10 Jun 2022 4:23 EDT
Murex
LB
Hello @MUELM ,
You can check the instances of the class Data-Admin-Security-AccessTokenKeys to check the access token.
Another user @PavanKumarNaidu replied to me with the below and I quote:
"Please check this article : https://www.howtopega.info/2021/12/open-id-connect-sso-authentication-with.html which explains on the same OIDC concept.
Please check if your OIDC Provider uses this one NimbusOIDCClientHandler. In that case, you can enable debug logger on the same. Please refer to the above article (during the end of the video you would notice the ID token). Hope that helps."
Hope it helps.
Thanks,
Mohamad
Stratosphere Technology Consulting LLC
US
@SReddyR87 AccessTokens are instances of Data-Admin-Security-OAuth2-AccessToken and are saved in DB. Look at the java step in OOTB activity GetOperatorAccessToken to retrieve the AccessToken.
Pegasystems Inc.
US
@Mohamad Shokor Yep - I turned on all of those oauth2 loggers and finally got it to appear. :-)
EIB
PL
@Mohamad ShokorDid you find any solution for this ?
Murex
LB
EIB
PL
@Mohamad Shokor No record appears in Data-Admin-Security-AccessTokenKeys when I login via OIDC. I see D_pyOIDCLoginInfo contains the ID token but it is not refreshed when the token expires. I have created SR for this.
Murex
LB
@EngincanY I did not really dig into the refresh token flow, as It was just proof of concept. But please update this thread with a solution for the refresh token if the SR lead to some help.