tomcat-oidcauth

Extract username from access token

Open bikerp opened this issue 5 years ago • 3 comments

Hi, is it possible to extract the user name from the access token instead of the ID token?

bikerp avatar Jun 15 '20 11:06 bikerp

Not sure I follow. If the access token is a JWT, then yes, you can extract all the claims from it. Please explain in more detail.

levahim avatar Aug 01 '20 12:08 levahim

I meant the situation when the IDP returns an ID token and an access token. It seems that tomcat-oidcauth favors the ID token.

bikerp avatar Aug 01 '20 18:08 bikerp

Theoretically speaking, access tokens are not supposed to be parsed by the application, they should be treated as opaque (even if it's a JWT) and only used for authenticating remote API calls (e.g. as the Authorization HTTP header). If your IdP provides you with both access and ID tokens, they are supposed to match, so the username for the Tomcat realm should be available to you in the ID token as well. Isn't that the case?

levahim avatar Sep 11 '20 16:09 levahim
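
The token roles described in the last comment, as an added example that is not part of the thread and not tomcat-oidcauth's code: the username is read from the ID token after checking it was issued to this client, and the access token is only forwarded as a bearer credential. The issuer, client id, the `preferred_username` claim name and all function names are assumptions, and signature and expiry verification are assumed to have been done already by the OIDC layer.

```python
import base64
import json


def _b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (used only to build the sample)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sample_token_response():
    """Constructed token response; issuer, client id and claim values are made up."""
    header = _b64url({"alg": "RS256", "typ": "JWT"})
    payload = _b64url({"iss": "https://idp.example", "aud": "my-client",
                       "sub": "1234", "preferred_username": "alice"})
    return {"id_token": f"{header}.{payload}.c2ln",  # placeholder signature
            "access_token": "opaque-value-never-parsed",
            "token_type": "Bearer"}


def id_token_claims(id_token, issuer, client_id):
    """Decode the ID token payload and check iss/aud.

    Assumes signature and expiry were already verified by the OIDC layer.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token is not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if claims.get("iss") != issuer or client_id not in audiences:
        raise ValueError("ID token was not issued to this client")
    return claims


def username_for_realm(resp, issuer, client_id, claim="preferred_username"):
    """The username comes from the ID token; the access token is not inspected."""
    name = id_token_claims(resp["id_token"], issuer, client_id).get(claim)
    if not isinstance(name, str) or not name:
        raise KeyError(f"ID token has no usable '{claim}' claim")
    return name


def api_auth_header(resp):
    """The access token is passed through unchanged as a bearer credential."""
    return {"Authorization": "Bearer " + resp["access_token"]}
```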