Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UserAuthorizer is discarding the id_token after successful authorization code exchange #821

Open
dgrinbergs opened this issue Jan 6, 2022 · 1 comment
Open

UserAuthorizer is discarding the id_token after successful authorization code exchange #821

dgrinbergs opened this issue Jan 6, 2022 · 1 comment
Assignees
@TimurSadykov
Labels
type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@dgrinbergs
Copy link

I'm trying to get data from the id_token which is returned when exchanging an authorization code with the token endpoint.

I have everything I need to make the request to the endpoint manually. However, this is very verbose and feels like re-inventing the wheel. It got me thinking that there must be a way to get this data using the classes provided by the library.

Currently I am using the com.google.auth.oauth2.UserAuthorizer class to build up a request for the exchange of information.

val userCredentials: UserCredentials = UserAuthorizer.newBuilder()
  .setClientId(googleOauthConfig.clientId)
  .setTokenStore(tokenStore)
  .setScopes(googleOauthConfig.scopes)
  .setTokenServerUri(URI.create("https://oauth2.googleapis.com/token"))
  .setCallbackUri(redirectUri)
  .build()
  .getCredentialsFromCode(authorizationCode, redirectUri)

The internals of getCredentialsFromCode() parses the response and it contains all the tokens. Including the id_token but, it gets discarded when constructing the UserCredentials object further down.

Debug mode showing that the value for id_token is stored

return UserCredentials.newBuilder()
  .setClientId(clientId.getClientId())
  .setClientSecret(clientId.getClientSecret())
  .setRefreshToken(refreshToken)
  .setAccessToken(accessToken)
  .setHttpTransportFactory(transportFactory)
  .setTokenServerUri(tokenServerUri)
  .build(); // no mention of id_token

Regardless, I want to get this value so I can know basic information about the user such as their name, birthday and email address from a single request.

There does exist a method called idTokenWithAudience() which returns a Google ID Token from the refresh token response. If I call this, I get a token back that doesn't contain all the data that was available in the identically named id_token mentioned earlier making it a no-go either.
@yoshi-automation yoshi-automation added the triage me I really want to be triaged. label Jan 7, 2022
@Neenu1995 Neenu1995 added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. and removed triage me I really want to be triaged. labels Jan 10, 2022
@awesomekosm
Copy link

Wouldn't be as much of a problem if UserAuthorizer had a public constructor so I could just override getCredentialsFromCode

After refreshing id_token, user profile stuff is missing, according to googleapis/google-api-dotnet-client#1141 (comment) this info must be cached. How am I supposed to cache it if the library discards of the value?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TimurSadykov TimurSadykov

Labels
type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@TimurSadykov @awesomekosm @Neenu1995 @dgrinbergs @yoshi-automation and others