How do I use "read:user_idp_tokens" and get idP tokens when also using a regular web app

jgleason · September 16, 2021, 9:24pm

I have tried to add

     passport.authenticate([this.type], {
        scope: "openid email profile read:user_idp_tokens",
      }), function(req, res) {
        res.redirect("/user");
      },
     ...
    const verify = (issuer, audience, profile, accessToken, refreshToken, cb)=>{
      // Set Cookie to the access token (eventually refresh)
      console.log(`Profile is ${profile._json}`);
      return cb(null, profile._json);
    }

But when I run the profile does not include the idP tokens. What am I missing?

marcus.baker · September 16, 2021, 10:20pm

Hi,

For a Web App your backend would call the Management API to retrieve IDP tokens:

More information is here:

Your backend would call this endpoint with a mgmt api token that has the read:user_idp_tokens scope

hope this helps

jgleason · September 17, 2021, 1:42pm

So one reading user_idp would the the client credentials? I tried this and I got denied to the /api/v1/user endpoint to get the idp tokens.

Topic		Replies	Views
Possible to get IdP access token without server? Help token , access-token , serverside , access , idp	5	5214	March 2, 2018
Retrieving Identity Provider Access Tokens Knowledge Articles access-token	1	21	September 12, 2024
Access Denied / Unauthorized when calling oauth/token to fetch Idp Token Help access-token , idp	4	43105	May 23, 2019
Get third party IDP access token from user profile using Management API in Authorization login flow Help auth0 , login , news	0	1509	October 14, 2022
How do I verify the user on the backend? Help	2	5145	August 30, 2019

How do I use "read:user_idp_tokens" and get idP tokens when also using a regular web app

Related topics