How to get id token from IdP - cniackz/public GitHub Wiki

Objective:

To get id_token from IdP

Pre-requisites:

  • You should have IdP configured

Steps:

  1. In an incognito window of the Chrome browser, open:

https://dev-xqm5ioqlmy7qyjvl.us.auth0.com/authorize?audience=https://dev-xqm5ioqlmy7qyjvl.us.auth0.com/api/v2/&scope=openid&response_type=code&client_id=rMVc40T7fwgbEez1svp8wmjBtSaoKIOJ&redirect_uri=http://localhost:5005/oauth_callback

  2. From the callback URL that the request above redirects to, get the code:
http://localhost:5005/oauth_callback?code=4bcuTPrXa3k9s6YvGvbKRyh4Myfg7Z1ZIPxASZHijrKV1

code=4bcuTPrXa3k9s6YvGvbKRyh4Myfg7Z1ZIPxASZHijrKV1

  3. In Postman, send a POST with this body and get the id_token:
{"client_id":"rMVc40T7fwgbEez1svp8wmjBtSaoKIOJ","client_secret":"SlQcQAUdUjW8ZPbp5qdbQYM5P7Pkp4GtGeXKky_dThl8Uk2NWdGu13dO9ftN0umH","grant_type":"authorization_code","code":"dq-sIRiumd6mvzQz3wdy60R9qvfH1H4xV1rrnx_ER2Qvm","redirect_uri":"http://localhost:5005/oauth_callback"}

Explanation:

  • client_secret comes from the Application as well, and you can get it from within the app as observed below:
  • redirect_uri documentation can be found at https://auth0.com/docs/api/authentication?http#database-ad-ldap-passive- and it says as below. I configured the callback URL, but after the user logs in, in my case it fails, so I bet I need to do more work to investigate how this actually works, but I did not, because in that process I got the code, and the code is all I needed for getting the id_token. So, for next time:
The URL to which Auth0 will redirect the browser after authorization has been granted by the user. Specify the redirect_uri under your [Application's Settings](https://manage.auth0.com/#/applications).
  • grant_type: Denotes the flow you are using. For Authorization Code, use authorization_code.
  • code: The Authorization Code received from the initial /authorize call.
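
The three steps above as one script, added here as an example and not part of the original wiki page. The tenant domain, client ID, function names and the AUTH0_CLIENT_SECRET environment variable are placeholders or assumptions, and /oauth/token is Auth0's token endpoint, which the page does not spell out. The state parameter is not in the page's URL; it is added so the callback can be matched to the request that started it, and the secret is read from the environment instead of being pasted into the request body.

```python
import base64, json, os, secrets
from urllib.parse import urlencode, urlparse, parse_qs
from urllib.request import Request, urlopen

DOMAIN = "tenant.example.auth0.com"   # placeholder tenant (assumption)
CLIENT_ID = "EXAMPLE_CLIENT_ID"       # placeholder client_id (assumption)
REDIRECT_URI = "http://localhost:5005/oauth_callback"

def authorize_url(state):
    """Step 1: URL to open in the browser; `state` ties the callback to this request."""
    q = {"audience": f"https://{DOMAIN}/api/v2/", "scope": "openid",
         "response_type": "code", "client_id": CLIENT_ID,
         "redirect_uri": REDIRECT_URI, "state": state}
    return f"https://{DOMAIN}/authorize?" + urlencode(q)

def extract_code(callback_url, expected_state):
    """Step 2: read `code` from the redirect; reject IdP errors and a wrong state."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError("IdP returned error: " + qs["error"][0])
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this request")
    return qs["code"][0]

def token_request(code):
    """Step 3: the POST that Postman sends; the secret comes from the environment."""
    body = {"client_id": CLIENT_ID, "client_secret": os.environ["AUTH0_CLIENT_SECRET"],
            "grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI}
    return Request(f"https://{DOMAIN}/oauth/token", data=json.dumps(body).encode(),
                   headers={"Content-Type": "application/json"}, method="POST")

def get_id_token(code):
    """Send the request (needs network access and a real tenant)."""
    with urlopen(token_request(code), timeout=10) as resp:
        return json.load(resp)["id_token"]

def peek_claims(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print("Open in the browser:", authorize_url(state))
    code = extract_code(input("Paste the callback URL: "), state)
    print(json.dumps(peek_claims(get_id_token(code)), indent=2))
```

The authorization code is single-use and short-lived, so paste the callback URL promptly and request a fresh code for every run.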