Acquiring access token in rules or hooks extensibility points

Petko-Gotsov · November 27, 2020, 3:48pm

Greetings,

The case is that I want to enrich an access token with custom claims, pulled out of an Auth0 protected API(M2M app authorized for same Auth0 tenant). The way I initially went about this was to create a client credentials exchange hook, hoping to catch the access_token in the context parameter of the hook function, and use it to query the external API and add the claim. This didn’t work though, as the context does not contain the access_token. I found several topics on implementing the same behavior using rules, but no solution discoverable yet. I went through the documentation of the rules, and found several suggestions which do not fit my need. Those include making a connection to the database in the rule itself and querying it for the claim. The other one suggested authenticating with the external API using a secret string, stored in configuration. Both of these approaches seem unreliable to me. One of the topics mentioned using ‘node request example you can copy into the rule’, for which I could not find more info at this point.

Does anyone have any idea on best practices how to solve this?

john.gateley · November 27, 2020, 7:24pm

Hi @Petko-Gotsov

You can use the webtask storage API to cache the tokens: https://webtask.io/docs/storage

John

konrad.sopala · November 30, 2020, 7:15am

Hey there!

Wanted to add a bit to that. As far as I remember unfortunately webtask.io platform is not accepting new signups for a while now so not sure if you will be able to use that.

Petko-Gotsov · November 30, 2020, 4:19pm

I found a solution, which is to call the credentials exchange oauth/token endpoint inside of the extensibility point hook, passing in a bool value so as to avoid endless loop. This way I can get the access_token and query the API later on in the hook.

konrad.sopala · December 1, 2020, 1:35pm

Perfect! Glad you have figured it out!