You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
How can I get access to the returned user profile & token from my portlet?
You are setting these data as attributes for the HttpServletRequest, trying to get them from my RenderRequest object but no result.
The text was updated successfully, but these errors were encountered:
izodev
changed the title
Access user profile & token from a portlet
[Q] Access user profile & token from a portlet
Jun 11, 2017
Good question.
I have considered this topic myself, and I think that it would not be very elegant to just expose the profile and token to any portlet that is deployed. I would consider the profile (and especially the token) to be quite sensitive data, and portlets should not be trusted with this by default, I would say.
(on the other hand, portlets can obtain the information anyway from the http session by some casting and fiddling, so it's not that secure at the moment anyway)
If accessibility from portlets is to be added in this plugin, I think it should be configurable and turned off by default.
As to the place where to add this: either in the existing filter, i'd say?
Hi Geert,
I ended up injecting the access token in session from LibFilter.
I may take some time to make this configurable and then I may send a pull request.
Will get back to you when ready.
Cheers!
Olivier
I managed to store received OIDC data in JSON format, into user' openId field. I understand is not the cleanest way to do this, but fits perfectly my needs. My code changes are available in my forked version.
How can I get access to the returned user profile & token from my portlet?
You are setting these data as attributes for the
HttpServletRequest
, trying to get them from myRenderRequest
object but no result.The text was updated successfully, but these errors were encountered: