But the token isn’t a string; it is an object. I know this is because things can still be added but I need a way to use it to call the DB to get additional user info for claims. Is there a way to do this without leaving it open?
The context.accessToken is the access token you are returning to the user. When you are in the middle of the rules, the access token is not yet complete (the user is not fully authorized). Consider: the next rule in the chain could fail the login, so the partial access token is not valid. But you are trying to use it anyway. So, you need your own M2M access token instead.
You can cache M2M tokens in the rule, using the rule config.
As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!
Hi there!
We’re making an effort to plumb our backlog a bit and wanted to update this topic for any future users ending up here:
Getting an access token for the registered API can be done with the registered machine-to-machine application credentials (client credentials exchange). It is well explained here: Call Your API Using the Client Credentials Flow
Example usage of the flow in Actions (getting / modifying access token): Machine to Machine Flow.
We also have an article on caching the Management API token in Actions - but please treat it as an outline that needs to be well-tested and updated to your needs: Caching Management API Access Tokens in Login Action
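The pattern this thread arrives at, as an added sketch that is not part of any post above and not Auth0's own sample code: a post-login Action obtains its own M2M token through the client credentials exchange, keeps it in `api.cache` until shortly before it expires, and denies the login if the profile lookup fails. The secret names, the user API URL shape, the claim namespace and the injectable `fetchImpl` parameter are assumptions, and a runtime with a global `fetch` is assumed.

```javascript
// Added example. Secret names (DOMAIN, M2M_CLIENT_ID, M2M_CLIENT_SECRET,
// API_AUDIENCE, USER_API_URL) and the claim namespace are assumptions.
const CACHE_KEY = "m2m_token";
const SKEW_MS = 60 * 1000; // stop using a cached token 60 s before it expires

async function getM2MToken(event, api, fetchImpl = fetch) {
  const cached = api.cache.get(CACHE_KEY);
  if (cached && cached.value) return cached.value; // entries past expires_at are gone

  // Client credentials exchange: the Action authenticates as its own M2M app
  // instead of reusing the user's still-incomplete access token.
  const res = await fetchImpl(`https://${event.secrets.DOMAIN}/oauth/token`, {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify({
      grant_type: "client_credentials",
      client_id: event.secrets.M2M_CLIENT_ID,
      client_secret: event.secrets.M2M_CLIENT_SECRET,
      audience: event.secrets.API_AUDIENCE,
    }),
  });
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  const { access_token, expires_in } = await res.json();

  api.cache.set(CACHE_KEY, access_token, {
    expires_at: Date.now() + expires_in * 1000 - SKEW_MS,
  });
  return access_token;
}

async function onExecutePostLogin(event, api, fetchImpl = fetch) {
  let profile;
  try {
    const token = await getM2MToken(event, api, fetchImpl);
    const res = await fetchImpl(
      `${event.secrets.USER_API_URL}/users/${encodeURIComponent(event.user.user_id)}`,
      { headers: { authorization: `Bearer ${token}` } });
    if (!res.ok) throw new Error(`user API returned ${res.status}`);
    profile = await res.json();
  } catch (err) {
    // Fail closed: do not issue a token missing claims the API relies on.
    return api.access.deny("Could not load user profile");
  }
  api.accessToken.setCustomClaim("https://example.com/roles", profile.roles);
}

if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

Scope the M2M application to the single API it needs, since every login will run with that credential.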