Miguel Buerba

OIDC Auth Provider - How to retrieve id_token or refresh_token

Hi,
I've implemented an external OpenID Connect Auth. Provider and I manage to log in successfully.

Now I'm required to propagate the id_token provided by the third-party IdP, and I'm stuck on this demand.

I've managed to get an access token using Auth.AuthToken.getAccessToken('AuthProviderId', 'Open ID connect'), but I need to retrieve the id_token.

I've set the IdP to send the id_token in the refresh token response, but when I use Auth.AuthToken.refreshAccessToken(AuthProviderId, 'Open ID connect', accessToken); it only returns a renewed access token; it won't return the id_token.

Is there any way to retrieve the current user's id_token? If not, how can I retrieve the refresh_token? If I can get that refresh token, I would be able to make a refresh_token callout without using the Auth.AuthToken.refreshAccessToken method.

Thanks,

Miguel


Rahul Das
What is the answer? Please help.
Sarah Ganci
Hello! Were you ever able to find a solution to retrieve the id token?
Thanks!
abhay singh 158
Nice.... thanks for sharing the information (https://thakurblog.com/)
Magdelene George 6
Hi Miguel,
Were you able to retrieve the ID token? I also have a similar requirement to grab the ID token sent from the IdP, but I can only find the access token that was sent. Please let me know if you find a solution for this.
Rohit Soni 35
Hi,

When you called Auth.AuthToken.getAccessToken('AuthProviderId', 'Open ID connect'), were you able to get the AT for the current user? I am always getting the AT for some other user, not the currently logged-in user. Any thoughts as to what I am missing here?

Thanks
Carl Samuelson 13

I see no answer to the question above, so I am assuming what I read in the documents is accurate which means that the Salesforce implementation of OIDC (and SSO in general) is very lacking.

First, going by the documentation on the OAuthToken page: "https://developer.salesforce.com/docs/atlas.en-us.apexref.meta/apexref/apex_class_Auth_AuthToken.htm"

   "If you are using an OpenID Connect authentication provider, an id_token is not required in the response from the provider. If a Token Issuer is specified in the Auth. Provider settings and an id_token is provided anyway, Salesforce will verify it."

The access token can be used to call the /userinfo endpoint, but the id_token is the preferred mechanism for conveying user identity information. 

How can an Apex developer obtain the id_token?
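Carl's distinction above (the id_token is the identity assertion; /userinfo is the fallback) only holds if the relying party actually validates the id_token before propagating its claims. The following is an added, stand-alone Python illustration of those relying-party checks; it is not code from this thread, from Salesforce, or from any IdP, and it is not Apex. It assumes an HS256 shared key purely so it runs offline (real OIDC providers sign with RS256/ES256 and publish keys at jwks_uri); the issuer URL, client id, key and claim values are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(key: bytes, claims: dict) -> str:
    """Constructed IdP side: an HS256-signed JWT. HS256 over a shared key is used
    only so the example runs offline; production OIDC providers sign with
    RS256/ES256 and publish the public key at jwks_uri."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


class IdTokenError(ValueError):
    """Raised when an id_token fails any relying-party check."""


def validate_id_token(token, key, issuer, client_id, nonce=None, now=None):
    """Relying-party checks from OIDC Core 3.1.3.7: signature with the pinned
    algorithm, iss, aud (plus azp when there are several audiences), exp, and the
    nonce the RP sent in its authentication request. Returns the verified claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the algorithm the RP configured; never let the token header choose it.
    # This is what rejects alg=none and key-confusion tokens.
    if header.get("alg") != "HS256":
        raise IdTokenError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise IdTokenError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != issuer:
        raise IdTokenError("wrong issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        raise IdTokenError("token not issued for this client")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise IdTokenError("azp must name this client when aud has several entries")
    if now >= claims.get("exp", 0):
        raise IdTokenError("expired")
    if nonce is not None and claims.get("nonce") != nonce:
        raise IdTokenError("nonce mismatch")
    return claims


def reconcile_userinfo(id_claims, userinfo):
    """OIDC Core 5.3.2: the sub from /userinfo MUST equal the id_token's sub;
    otherwise the userinfo response must not be used. Merges the two on success."""
    if userinfo.get("sub") != id_claims.get("sub"):
        raise IdTokenError("userinfo sub does not match id_token sub")
    return {**id_claims, **userinfo}


# Constructed demo values (hypothetical, not from the thread).
DEMO_KEY = b"constructed-shared-secret"
DEMO_ISSUER = "https://idp.example"
DEMO_CLIENT = "sf-client"
DEMO_NOW = 1_700_000_000


def demo():
    claims = {"iss": DEMO_ISSUER, "sub": "user-42", "aud": DEMO_CLIENT,
              "exp": DEMO_NOW + 300, "iat": DEMO_NOW, "nonce": "n-1"}
    token = mint_id_token(DEMO_KEY, claims)
    verified = validate_id_token(token, DEMO_KEY, DEMO_ISSUER, DEMO_CLIENT,
                                 nonce="n-1", now=DEMO_NOW)
    return reconcile_userinfo(verified, {"sub": "user-42", "email": "u42@example.com"})


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the signature is verified with the algorithm the RP expects before any claim is read, and the userinfo response is only merged once its sub matches the id_token, so a caller that propagates the result downstream is forwarding an assertion that has actually been verified.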


Robert Rodgers
A debt of gratitude is in order for the bit by bit instructional exercise. Brings about the ideal result! The arrangement worked for me on account of the local area and the individuals for the arrangement.

https://www.crediblebh.me/
Suraj Tripathi 47
Hi Miguel,

If you are using OpenID Connect as the authentication provider, an id_token is not required in the response from the provider. Only in this case: if a Token Issuer is specified in the Auth. Provider settings and an id_token is provided anyway, Salesforce will verify it.

Go to this link:
"https://developer.salesforce.com/docs/atlas.en-us.apexref.meta/apexref/apex_class_Auth_AuthToken.htm"

If you find your solution, then mark this as the best answer.

Thank you!

Regards,
Suraj Tripathi
mark look
In this scenario a headless application with no interactive user (e.g. a server daemon, batch job etc.) wants to call an API.
Prerequisites are:
define a client for the client credentials grant type
define an API scope (and optionally a resource)
grant the client access to the scope via the AllowedScopes property
According to the OAuth specification, you request a token by posting to the token endpoint:

POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded

client_id=client1&
client_secret=secret&
grant_type=client_credentials&
scope=scope1

In the success case, this will return a JSON response containing the access token:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "token_type": "bearer",
  "expires_in": 3600
}
.NET client library
On .NET you can leverage the IdentityModel client library to request tokens.
The above token request would look like this in C#: CredibleBH Login (https://crediblebh.today/)
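The client-credentials exchange in the post above, shown from both sides, as an added Python example that is not part of the post and is not IdentityServer's or IdentityModel's code. The client builds the form-encoded POST; an in-process token endpoint authenticates the client, checks that every requested scope exists and is in the client's AllowedScopes, and returns the no-store JSON response. The client registry, scope names and secret are constructed for the example.

```python
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed registry standing in for the three prerequisites in the post:
# a client for the client_credentials grant, the API scopes, and the client's
# AllowedScopes. All values are made up for this example.
CLIENTS = {
    "client1": {"secret": "secret", "allowed_scopes": {"scope1", "scope2"}},
}
API_SCOPES = {"scope1", "scope2", "scope3"}

JSON_HEADERS = {
    "Content-Type": "application/json;charset=UTF-8",
    # RFC 6749 section 5.1: token responses must not be cached by anything.
    "Cache-Control": "no-store",
    "Pragma": "no-cache",
}


def build_token_request(client_id, client_secret, scope):
    """Client side: headers and form-encoded body of POST /connect/token."""
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        "scope": scope,
    })
    return {"Content-Type": "application/x-www-form-urlencoded"}, body


def _error(status, code):
    return status, JSON_HEADERS, {"error": code}


def handle_token_request(headers, body):
    """Server side: authenticate the client, check the grant and scopes, issue a
    bearer token. Returns (status, headers, json_body) in RFC 6749 shape."""
    if headers.get("Content-Type") != "application/x-www-form-urlencoded":
        return _error(400, "invalid_request")
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    client = CLIENTS.get(form.get("client_id", ""))
    supplied = form.get("client_secret", "").encode()
    # Client authentication first, with a constant-time compare so response
    # timing does not reveal how much of the secret matched.
    if client is None or not secrets.compare_digest(client["secret"].encode(), supplied):
        return _error(401, "invalid_client")
    if form.get("grant_type") != "client_credentials":
        return _error(400, "unsupported_grant_type")
    requested = set(form.get("scope", "").split())
    # Every requested scope must be a defined API scope AND be in AllowedScopes.
    if not requested or not requested <= API_SCOPES or not requested <= client["allowed_scopes"]:
        return _error(400, "invalid_scope")
    return 200, JSON_HEADERS, {
        "access_token": secrets.token_urlsafe(16),
        "token_type": "bearer",
        "expires_in": 3600,
        "scope": " ".join(sorted(requested)),
    }


def request_token(client_id, client_secret, scope):
    """Full round trip in process: build the request and hand it to the endpoint."""
    headers, body = build_token_request(client_id, client_secret, scope)
    status, _, payload = handle_token_request(headers, body)
    return status, payload


if __name__ == "__main__":
    print(request_token("client1", "secret", "scope1"))
    print(request_token("client1", "secret", "scope3"))  # defined, but not allowed for client1
```

Note that "scope3" is rejected even though it exists as an API scope: the AllowedScopes check on the client is what turns a defined scope into one this client may actually obtain, which is the third prerequisite in the post.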