Obtaining Auth0 Access Token using oauth2.client.provider.auth0

richard.sanigar · February 17, 2023, 5:40pm

Hi Auth0 Community

I’m using a Spring Boot application to authenticate with Auth0, using org.springframework.security and the Auth0 oauth2.client.provider

The authentication flow returns an OidcUser object where we can easily obtain the Auth0 Id Token from the OidcUser.getIdToken().getTokenValue(). However the flow does not return the Auth0 Access Token. The OidcUser object has a getAccessTokenHash() method, but this is null.

Has anyone successful obtained both the Id and Access token through an OpenId connect 1.0 provider such as the Auth0 oauth2.client.provider.

I can easily get both tokens if I use the com.auth0.mvc-auth-commons library, but unfortunately the project I am maintaining is using different frameworks/libraries

Any pointers will be much appreciated

Regards

Richard

richard.sanigar · February 17, 2023, 6:44pm

Hi All

Found a solution by using the OAuth2AuthorizedClientService class and OAuth2AuthenticationToken

By adding a /successLogin endpoint I had the following:

@GetMapping(“/successLogin”)
public void successLogin(@AuthenticationPrincipal OidcUser oidcUser, OAuth2AuthenticationToken oAuth2AuthenticationToken, HttpServletResponse response)
throws IOException {
var oAuth2AuthorizedClient = authorizedClientService.loadAuthorizedClient(
oAuth2AuthenticationToken.getAuthorizedClientRegistrationId(), oidcUser.getName());
var accessToken = oAuth2AuthorizedClient.getAccessToken().getTokenValue();

    successLoginHandler.handle(oidcUser, accessToken, response);
}

The IdToken is obtained from oidcUser.getIdToken().getTokenValue();

Hope this helps

Regards

Richard

tyf · February 17, 2023, 10:59pm

Hey @richard.sanigar thanks for following up with the solution, I’m sure it will prove helpful for others in the future!

system · March 3, 2023, 11:00pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.