Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extract username from access token #32

Open
bikerp opened this issue Jun 15, 2020 · 3 comments
Open

Extract username from access token #32

bikerp opened this issue Jun 15, 2020 · 3 comments
Assignees
@levahim
Labels
question

Comments

@bikerp
Copy link

bikerp commented Jun 15, 2020

Hi,
is it possible to extract user name from access token istead of ID token?
@levahim levahim self-assigned this Aug 1, 2020
@levahim
Copy link
Contributor

levahim commented Aug 1, 2020
edited
Loading

Not sure I follow. If the access token is a JWT, then yes, you can extract all the claims from it. Please explain in more detail.

@bikerp
Copy link
Author

bikerp commented Aug 1, 2020

I meant the situation when IDP returns ID token and access token. It seem that the tomcat-oidcauth favors the ID token

@levahim
Copy link
Contributor

levahim commented Sep 11, 2020

Theoretically speaking, access tokens are not supposed to be parsed by the application, they should be treated as opaque (even if it's a JWT) and only used for authenticating remote API calls (e.g. as the Authorization HTTP header). If your IdP provides you with both access and ID tokens, they are supposed to match, so the username for the Tomcat realm should be available to you in the ID token as well. Isn't that the case?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@levahim levahim

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@levahim @bikerp