I am new to Auth0 so apologies if my questions are not clear. **So what I want to do is get access token in JWT form and use it later in my backend api (As of now access token is coming as opaque). **
Till now I have only downloaded the Auth0 sample in GO language and I have no custom change. Here is the code for the reference
package auth
import (
"context"
"log"
"os"
"golang.org/x/oauth2"
oidc "github.com/coreos/go-oidc"
)
type Authenticator struct {
Provider *oidc.Provider
Config oauth2.Config
Ctx context.Context
}
func NewAuthenticator() (*Authenticator, error) {
ctx := context.Background()
provider, err := oidc.NewProvider(ctx, "https://"+os.Getenv("AUTH0_DOMAIN")+"/")
if err != nil {
log.Printf("failed to get provider: %v", err)
return nil, err
}
conf := oauth2.Config{
ClientID: os.Getenv("AUTH0_CLIENT_ID"),
ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"),
RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"),
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile"},
}
return &Authenticator{
Provider: provider,
Config: conf,
Ctx: ctx,
}, nil
}
package callback
import (
"context"
"fmt"
"log"
"net/http"
"os"
"strings"
"github.com/coreos/go-oidc"
"app"
"auth"
)
func CallbackHandler(w http.ResponseWriter, r *http.Request) {
session, err := app.Store.Get(r, "auth-session")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if r.URL.Query().Get("state") != session.Values["state"] {
http.Error(w, "Invalid state parameter", http.StatusBadRequest)
return
}
authenticator, err := auth.NewAuthenticator()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
fmt.Println(r.URL.Query().Get("code"))
token, err := authenticator.Config.Exchange(context.TODO(), r.URL.Query().Get("code"))
if err != nil {
log.Printf("no token found: %v", err)
w.WriteHeader(http.StatusUnauthorized)
return
}
fmt.Println(strings.Repeat("-", 30))
fmt.Println("The refresh token is")
fmt.Println(token.RefreshToken)
fmt.Println(strings.Repeat("-", 30))
fmt.Println(strings.Repeat("-", 30))
fmt.Println("The token is")
fmt.Println(token)
fmt.Println(strings.Repeat("-", 30))
rawIDToken, ok := token.Extra("id_token").(string)
if !ok {
http.Error(w, "No id_token field in oauth2 token.", http.StatusInternalServerError)
return
}
oidcConfig := &oidc.Config{
ClientID: os.Getenv("AUTH0_CLIENT_ID"),
}
idToken, err := authenticator.Provider.Verifier(oidcConfig).Verify(context.TODO(), rawIDToken)
if err != nil {
http.Error(w, "Failed to verify ID Token: "+err.Error(), http.StatusInternalServerError)
return
}
fmt.Println(strings.Repeat("-", 30))
fmt.Println("The id token is")
fmt.Printf("%+v\n", idToken)
fmt.Println(strings.Repeat("-", 30))
// Getting now the userInfo
var profile map[string]interface{}
if err := idToken.Claims(&profile); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
session.Values["id_token"] = rawIDToken
session.Values["access_token"] = token.AccessToken
session.Values["profile"] = profile
fmt.Println(strings.Repeat("-", 30))
fmt.Println(session.Values["access_token"])
fmt.Println(strings.Repeat("-", 30))
fmt.Println(session.Values["id_token"])
fmt.Println(strings.Repeat("-", 30))
fmt.Println(session.Values["profile"])
err = session.Save(r, w)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
// Redirect to logged in page
http.Redirect(w, r, "/user", http.StatusSeeOther)
}
When I read the access token in the session object it is coming in weird form(which I understand is opaque). If anybody can point me what change I have to make in this code to get Access token in JWT form that will be awesome