"access_token" missing in user info SAML2 Web App identity, read:user_idp_tokens present in Management API access token

Hi Everyone,

I am following the Call an Identity Provider API documentation to call the IdP API. My setup was done using Test SAML SSO with Auth0 as both the Service Provider and the Identity Provider, so the SAML2 Web App is used for providing the identity.

I have verified that, when making the call to get user data via the Management API, the access_token includes the read:user_idp_tokens scope.

Still, the response I get does not include access_token in the identities object; I only get name, email, etc.

Is it a limitation of using the SAML2 Web App? Or is something else missing?

Thank you in advance!

admin35
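As an added example (not code from the original post or from Auth0's documentation), the check described above written for Node 18+: it confirms the Management API token carries read:user_idp_tokens, fetches the user, and reports for each linked identity whether an upstream access_token is present. The environment variable names and the sample response are assumptions; the sample is constructed to place a SAML identity next to a GitHub identity, because a SAML connection receives an assertion rather than an OAuth access token and so has nothing to store in that field, whereas an OAuth2 social connection does.

```javascript
// Added example, not from the thread. Assumptions: AUTH0_DOMAIN, AUTH0_MGMT_TOKEN and
// AUTH0_USER_ID are environment variables; the token already has read:user_idp_tokens.
// Requires Node 18+ for the global fetch(). Without the env vars it runs on SAMPLE_USER.

// Decode the JWT payload to confirm the scope before spending a call on the API.
// This is a convenience check only: no signature is verified here.
function hasScope(jwt, scope) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return false;
  let payload;
  try {
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return false;
  }
  const scopes = typeof payload.scope === 'string' ? payload.scope.split(' ') : [];
  return scopes.includes(scope);
}

// Summarise each identity: which provider it came from and whether Auth0 returned
// an upstream access_token / refresh_token for it.
function summariseIdentities(user) {
  return (user.identities || []).map((id) => ({
    provider: id.provider,
    connection: id.connection,
    hasAccessToken: typeof id.access_token === 'string' && id.access_token.length > 0,
    hasRefreshToken: typeof id.refresh_token === 'string' && id.refresh_token.length > 0,
  }));
}

// GET /api/v2/users/{id} with the Management API token as a Bearer token.
async function fetchUser(domain, mgmtToken, userId) {
  const url = `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`;
  const res = await fetch(url, { headers: { Authorization: `Bearer ${mgmtToken}` } });
  if (!res.ok) throw new Error(`Management API returned HTTP ${res.status}`);
  return res.json();
}

// Constructed sample, modelled on the shape of a Management API user response for a
// user with a SAML identity and a GitHub identity linked to the same account.
const SAMPLE_USER = {
  user_id: 'samlp|my-saml-idp|jane',
  email: 'jane@example.com',
  identities: [
    { provider: 'samlp', connection: 'my-saml-idp', user_id: 'jane', isSocial: false },
    {
      provider: 'github', connection: 'github', user_id: '12345', isSocial: true,
      access_token: 'gho_constructed_sample_token', // constructed value
    },
  ],
};

const { AUTH0_DOMAIN, AUTH0_MGMT_TOKEN, AUTH0_USER_ID } = process.env;
if (AUTH0_DOMAIN && AUTH0_MGMT_TOKEN && AUTH0_USER_ID) {
  if (!hasScope(AUTH0_MGMT_TOKEN, 'read:user_idp_tokens')) {
    console.warn('Token lacks read:user_idp_tokens; identities[].access_token will never be returned.');
  }
  fetchUser(AUTH0_DOMAIN, AUTH0_MGMT_TOKEN, AUTH0_USER_ID)
    .then((user) => console.table(summariseIdentities(user)))
    .catch((err) => { console.error(err.message); process.exitCode = 1; });
} else {
  console.table(summariseIdentities(SAMPLE_USER));
}
```

Run with the three variables set to query a real tenant; the table will show hasAccessToken true only for identities whose provider actually issued an OAuth token. Keep the Management API token short-lived and out of shell history, since it can read every user's stored IdP tokens.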

Hi @admin35

Thanks for reaching out. I don't believe the application configured as the SAML IdP will send an Access Token by default. Can you try this with one of the example IdPs given in the doc you sent over, like GitHub or Facebook? That'd be a good test to confirm the behavior.

Best Regards,
Colin

1 Like

Hi @colin.coutts,

Thank you for your response. We managed to bypass the need for the access token by using a rule to read the roles assigned to the user in the IdP.

Best regards,
admin35

1 Like
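As an added example (not the poster's rule and not Auth0 reference code), one way to implement the workaround above: an Auth0 Rule in the usual (user, context, callback) shape that takes the roles the SAML IdP asserted for the user and exposes them as a namespaced custom claim, so downstream code never needs an IdP access token. Assumptions not in the thread: the SAML connection's attribute mapping stores the IdP's role attribute on the profile as `roles`, the connection is named `my-saml-idp`, and the claim namespace is a placeholder. The sample user and context are constructed.

```javascript
// Added example, not from the thread. In an Auth0 tenant the rule script is the bare
// anonymous function(user, context, callback); it is named here so it can be called.
const SAML_CONNECTION = 'my-saml-idp';                 // assumed connection name
const ROLES_CLAIM = 'https://example.com/claims/roles'; // assumed claim namespace

// A multi-valued SAML attribute may arrive as an array or as one comma-joined string.
// Normalise to a trimmed, de-duplicated, sorted array so consumers get a stable shape.
function normaliseRoles(value) {
  if (value === undefined || value === null) return [];
  const list = Array.isArray(value) ? value : String(value).split(',');
  return [...new Set(list.map((r) => String(r).trim()).filter(Boolean))].sort();
}

// Rule entry point. Roles are only trusted when the login came through the expected
// SAML connection; any other connection (social, database) leaves the tokens untouched,
// so a user who also has a GitHub login cannot pick up roles that way.
function addSamlRolesToTokens(user, context, callback) {
  if (context.connectionStrategy !== 'samlp' || context.connection !== SAML_CONNECTION) {
    return callback(null, user, context);
  }
  const roles = normaliseRoles(user.roles); // assumed mapping target for the IdP role attribute
  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[ROLES_CLAIM] = roles;
  context.accessToken[ROLES_CLAIM] = roles;
  return callback(null, user, context);
}

// Small harness: run the rule synchronously and return the resulting context.
function runRule(user, context) {
  let result;
  addSamlRolesToTokens(user, context, (err, _u, ctx) => {
    if (err) throw err;
    result = ctx;
  });
  return result;
}

// Constructed sample input, shaped like what a rule receives after a SAML login.
const SAMPLE_RULE_USER = {
  user_id: 'samlp|my-saml-idp|jane',
  email: 'jane@example.com',
  roles: ['admin', 'admin', ' auditor '],
};
const SAMPLE_RULE_CONTEXT = {
  connection: SAML_CONNECTION,
  connectionStrategy: 'samlp',
  idToken: {},
  accessToken: {},
};
console.log(runRule(SAMPLE_RULE_USER, SAMPLE_RULE_CONTEXT).idToken[ROLES_CLAIM]);
```

The connection check matters more than it looks: a rule runs for every login, and without it a linked social identity could inject a `roles` value of its own. On tenants that have moved from Rules to Actions, the same logic goes in a post-login Action using api.idToken.setCustomClaim and api.accessToken.setCustomClaim, with event.connection.strategy and event.connection.name in place of the context fields.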

Perfect! Glad it all came together!