Using Android SDK. I get logged in. credentials.getAccessToken() returns access token. credentials.getIdToken() returns a JWT. When I examine the JWT, it is just “id”
{
  "iss": "https://dev--8x78t70.auth0.com/",
  "sub": "google-oauth2|111122254748449783417",
  "aud": "FLsR7bww6mKe6m2apSSdDhH7rsB794o0",
  "iat": 1567464913,
  "exp": 1567500913
}
How do I get the Android SDK to return the user full token, with RBAC permissions, so I can call my REST API?
Actually, yes. I used the access token and I am running the quickstart Android app. A “Credentials” object is returned in the “onSuccess” callback. It has two methods, getAccessToken(), and getIdToken(). The value from getAccessToken() is displayed on the example MainActivity view. The value for getIdToken() is a JWT, but it doesn’t contain any RBAC permissions in the payload for the user - even though the user is granted permissions.
When I use the implicit flow from a SPA page (for the same user login), the “getTokenSilently()” method returns a JWT containing the “permissions” array as part of the payload. In the implicit call, I can pass an “audience” for the REST API application. Perhaps that is why I get more information back.
The Android Auth0 SDK doesn’t seem to have a way to pass this along in the API. Or, perhaps there is a way to do this? I can’t find it in the documentation* (see EDIT below)
The Android SDK call looks like this:
    .withScheme("demo")
    .withAudience(String.format("https://%s/userinfo", getString(R.string.com_auth0_domain)))
    .withScope("openid email profile")
EDIT (on second look):
The “audience” in the example looks like a url for the userinfo endpoint.
So, I replaced that .withAudience(…) with the audience value for my Rest API in Auth0, and now it returns a JWT with the expected payload when I call credentials.getAccessToken()…
Looks like that fixed it.
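The other half of this fix is what the REST API does with the token it receives. As an added example (not code from the thread or from the Auth0 SDK), the check below shows why the audience matters on the server side: a token whose aud is only the client id or the userinfo endpoint is rejected before any RBAC permission is consulted. It assumes a constructed API identifier https://example-api and signs the sample tokens with an HS256 demo secret; real Auth0 access tokens are RS256 and would be verified against the tenant's JWKS instead.

```python
import base64, hashlib, hmac, json, time

API_AUDIENCE = "https://example-api"   # assumption: the API identifier configured in Auth0
SECRET = b"constructed-demo-secret"    # demo HS256 key; Auth0 normally uses RS256 + JWKS

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_hs256(payload: dict) -> str:
    """Build a constructed test token standing in for what Auth0 would issue."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def authorize(token: str, required_permission: str, now=None):
    """Resource-server check: alg, signature, expiry, audience, then the RBAC permission."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header, body, sig = parts
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":   # pin the algorithm
        return False, "unexpected alg"
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= now:
        return False, "expired"
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if API_AUDIENCE not in auds:   # token minted for userinfo / the client, not for this API
        return False, "audience not this API"
    if required_permission not in claims.get("permissions", []):
        return False, "missing permission " + required_permission
    return True, "ok"

# Constructed claim sets mirroring the two token shapes seen in the thread (placeholder values).
USERINFO_STYLE = {"iss": "https://TENANT.auth0.com/", "sub": "google-oauth2|000",
                  "aud": "CLIENT_ID_PLACEHOLDER", "iat": 1000, "exp": 2000}
API_STYLE = {**USERINFO_STYLE,
             "aud": [API_AUDIENCE, "https://TENANT.auth0.com/userinfo"],
             "permissions": ["read:reports"]}
```

Calling authorize(mint_hs256(USERINFO_STYLE), "read:reports", now=1500) fails on the audience check, while the API_STYLE token passes and then has its permissions array consulted.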