[Q] Access user profile & token from a portlet

[izodev]

trafficstars

How can I get access to the returned user profile & token from my portlet? You are setting these data as attributes for the HttpServletRequest, trying to get them from my RenderRequest object but no result.

[gvanderploeg]

Good question. I have considered this topic myself, and I think that it would not be very elegant to just expose the profile and token to any portlet that is deployed. I would consider the profile (and especially the token) to be quite sensitive data, and portlets should not be trusted with this by default, I would say. (on the other hand, portlets can obtain the information anyway from the http session by some casting and fiddling, so it's not that secure at the moment anyway)

If accessibility from portlets is to be added in this plugin, I think it should be configurable and turned off by default. As to the place where to add this: either in the existing filter, i'd say?

[obotor]

Hi Geert, I ended up injecting the access token in session from LibFilter. I may take some time to make this configurable and then I may send a pull request. Will get back to you when ready. Cheers! Olivier

[ricsxn]

I managed to store received OIDC data in JSON format, into user' openId field. I understand is not the cleanest way to do this, but fits perfectly my needs. My code changes are available in my forked version.