Identity provider access tokens in actions

I’ve been looking around the forum and I can’t find the info I need.

I need to be able to use the access tokens granted to the social connection that I’ve set up to let people log in with PayPal/Patreon etc.

I found a post that tried to explain that the tokens were Auth0’s and that’s not really true. The tokens are for the app that I set up in the IDP. This is my registration, not Auth0’s. And I need to be able to use this during the post-login action to access additional information about the user.

Where is this information in the event object passed to my action? How do I get access to this?

Hi @ftreesmilo,

Welcome back!

Can you give us an example of your use case? What would you like to do in the action?

Let’s take Patreon for example.

I have an app in Patreon that lets me log a user in and view their subscriptions.
All I really care about is IDs. If I have a relationship with another Patreon creator, I want to allow them to have some benefits, so I look for that subscription in their profile.

I want to refresh this data when they log in, the login flow is perfect for it, and I’m already asking for the permissions I need.

The majority of my problem is that I’m running a serverless PWA site. I don’t want to pay the costs of a server… But most OAuth providers out there haven’t implemented PKCE so I cannot integrate with them directly on the glass (so to speak) and I don’t have any server to get redirected to.

But you guys do! AND you have a bunch of different social connectors!
It was great news until I heard about this.

I understand that I can make YET ANOTHER application and save those creds as secrets for actions and use client_credential flow to access apis during the login flow… but that API call is very different.
I won’t be able to make queries based on the person that logged in, only data in my account.

It really just seems to be way too complicated.

Now I read the justification posted elsewhere here that says those tokens belong to Auth0, but I respectfully disagree. Those tokens belong to the app I’ve defined in Patreon, and Auth0 are using those credentials for me in the connector. You do have some responsibility to protect them… on my behalf, but not prevent me from accessing them to shoot myself in the foot (I’ll try my best not to 🙂).

And yes, I do see there’s a place to perform operations with that access token on user login on the connector page… but I really would like to be able to do that at other times… whenever I need to.

Like on Auth0 token refresh, so that my app has the most recent data.

TBH that’s a pretty good use case right there to allow actions to get the accessToken… to fill out profile data so we can actually use a decent editor instead of that cramped one on the application page.

IDP access tokens are available via the management API: Identity Provider Access Tokens. You should be able to access them via a call to the management API. What is available depends on the provider. You’ll have to check and see what is available for those connections.

I’m not familiar with the posts you are referring to about who owns the tokens, but I’d be happy to look if you share what you are referencing.
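
The Management API route described in the answer above, sketched as a post-login Action (an added example, not part of the original thread and not Auth0's own code). The secret names `MGMT_DOMAIN`, `MGMT_CLIENT_ID` and `MGMT_CLIENT_SECRET` are assumptions, as is a Machine-to-Machine application granted only `read:users` and `read:user_idp_tokens`; `fetchImpl` is a hypothetical parameter so the helper can be exercised offline.

```javascript
// Added example; secret names and the M2M application are assumptions.

// Pick the upstream IdP token for the connection the user logged in with.
function pickIdpToken(user, connection) {
  const id = (user.identities || []).find((i) => i.connection === connection);
  if (!id || !id.access_token) return null; // scope missing or provider issued none
  return { provider: id.provider, accessToken: id.access_token };
}

async function getIdpToken(secrets, userId, connection, fetchImpl = fetch) {
  const base = `https://${secrets.MGMT_DOMAIN}`;
  // 1. Client-credentials grant for a short-lived Management API token.
  const tokRes = await fetchImpl(`${base}/oauth/token`, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'client_credentials',
      client_id: secrets.MGMT_CLIENT_ID,
      client_secret: secrets.MGMT_CLIENT_SECRET,
      audience: `${base}/api/v2/`,
    }),
  });
  if (!tokRes.ok) throw new Error(`token request failed: ${tokRes.status}`);
  const { access_token: mgmtToken } = await tokRes.json();

  // 2. Read the full profile; with read:user_idp_tokens, identities[]
  //    carries the IdP access token for each linked connection.
  const userRes = await fetchImpl(
    `${base}/api/v2/users/${encodeURIComponent(userId)}`,
    { headers: { authorization: `Bearer ${mgmtToken}` } }
  );
  if (!userRes.ok) throw new Error(`user lookup failed: ${userRes.status}`);
  return pickIdpToken(await userRes.json(), connection);
}

// Post-login handler. The IdP token stays server-side: it is used here
// and never logged or copied into ID/access token claims.
async function onExecutePostLogin(event, api) {
  const idp = await getIdpToken(event.secrets, event.user.user_id, event.connection.name);
  if (!idp) return;
  // Call the provider's API with idp.accessToken here and persist only
  // the derived IDs (for example in app_metadata), not the token itself.
}
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

Keeping the Management API grant to those two read scopes limits what a leaked Action secret can do, and because the call happens inside the Action, the IdP token never has to reach the browser.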

So I’ll need yet another access token to call the management api?
Or is there a better way to call it from within actions?

Sooo who develops the PayPal provider? Why can’t I request extra scopes?
Their identity api has a scope for getting the payer id, but I don’t see an option for it in the social connection config, and it’s not getting it when syncing the profile.

@ftreesmilo - you may try the use of Custom Social Connection with PayPal if the OOTB connection does not meet your needs.