Skip to content

Capture access token from IdP #54

Closed
@shawnhankim

Description

@shawnhankim

Background:

  • Current NJS implementation disregard the access_token that is being sent by the IdP and only uses the id_token to get stored in the NGINX Plus K/V store.

  • Token Recommandation

    When Using Do Don't
    ID Token - Assume the user is authenticated - Call an API
    - Get user profile data - Check if the client is allowed to access something.
    Access Token - Call an API - Inspect its content on the client
    - Check if the client is allowed to access something
    - Inspect its content on the server side

    courtesy: ID Token and Access Token: What's the Difference?

Acceptance Criteria:

  • Enhance the NJS Code to capture the access_token sent by the IdP.
  • Store the access_token in the k/v store as same as we store id_token and refresh_token

Compatibility:

  • This issue will not block the existing features as there would be no change of variables, and this is just to add features.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions