Hi,
I found four other topics asking the same but I could not find the right answer (see other links at the bottom)
The context_accessToken is just a dictionary which is then used to create the final JWT token.
Can we get the final JWT access token?
I also looked at the hooks but it does not seem to be possible either.
Cheers
Related links
I need to use the user access token to access a third party API in the rule snippet. Is this possible?
Hello, I have this very same problem: Getting UserInfo using the Access Token - #3 by pulsemagic18 As you can notice there, there was no answer to the thread.
Basically, I am sending and validating the access token from the frontend to the backend (ReactJS - ExpressJS) correctly. But, take this scenario: If a user sends a post request and creates a new record on my database, I need to add a field identifying the user that created that record.
To achieve this, I need to get at least the user’s …
When talking about the 4-step flow of Rules on the guide page , item #4 says:
Blockquote 4. 1. The ID Token and/or Access Token is passed through the Rules pipeline, then sent to the app.
Do we have access to the Access Token from inside the Rule? I was hoping to use the AccessToken JWT to reach my API, but may have to use a generic API key if not.
Pretty simple question I think: is it possible, within a rule, to get ones hands on the access_token (JWT) that is going to be sent to the client (e.g. using the Implicit Flow?)
To make a long story short, there is a scenario where I am redirecting a user to a client other than the one they are intending to log into. This is a special ‘wizard client’ where we allow our users to migrate from a username to an email-based login.
So, I want to make this redirect ‘tamper proof’, and I had the idea…
1 Like
The rules engine runs before the token is issued. That is why you can add things to it using context.accessToken, otherwise the signature would be invalid after adding anything.
Can you tell us what you are trying to do?
1 Like
Yes, it makes sense. But there is no hook nor anything that runs after the token is created, encoded and signed?
We want to save some information of the token somewhere but we are using the full token to do that.
The user object in rules contains much of the information of the token. What are you saving and why?
Hi Dan,
It’s ok we found another way.
Thanks!
Sounds good, let us know if you have any other questions.
system
December 19, 2020, 4:27pm
8
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.