In a Rule is it possible to return the accessToken as an idToken?

I would like to know if it is possible to return the accessToken in the idToken of a rule.
This would be convenient to be able to fetch the access token from the user profile.
Although I’m not sure if this is secure.

I tried doing

   context.idToken['https://app.twikies.com/token'] = context.accessToken;

but when I call the handleProfile function it sends me an empty object on that field 'https://app.twikies.com/token'.

I wonder if this is a security measure that the real accessToken isn’t exposed inside the rule.

Hi @turbo,

I would not do this. Access tokens are designed to be used in a very specific flow, and any time you go outside that flow, you introduce risks.

John

1 Like
