Skip to content

Add function to return id_token (for Service Now) #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 1, 2019
Merged

Add function to return id_token (for Service Now) #200

merged 1 commit into from
Oct 1, 2019

Conversation

@mryerse
Copy link
Contributor

@mryerse mryerse commented Sep 4, 2019

Some IDPs such as OpenAM can be configured to provide both an access_token and an id_token with the callback. This update provides a function that can be called to return the id_token instead of the access_token. The id_token contains a payload with claims related to the authenticated identity. This was required for API integration to Service Now, who told me their service cannot be configured to accept an access_token.

@mryerse
Add function to return id_token (for Service Now)
73013c9 
Some IDPs such as OpenAM can be configured to provide both an access_token and an id_token with the callback.  This update provides a function that can be called to return the id_token instead of the access_token.  The id_token contains a payload with claims related to the authenticated identity.  This was required for API integration to Service Now, who told me their service cannot be configured to accept an access_token.
@googlebot
Copy link

googlebot commented Sep 4, 2019

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it!) and we'll verify it.

What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@mryerse
Copy link
Contributor Author

mryerse commented Sep 4, 2019

@googlebot I signed it!

@googlebot
Copy link

googlebot commented Sep 4, 2019

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

@mryerse
Copy link
Contributor Author

mryerse commented Sep 4, 2019
edited
Loading

In my testing this works as expected since the id_token follows same expiration as access_token. Perhaps there's a better way to handle the situation, but if not then I hope this addition helps some people out.

@erickoledadevrel
Copy link
Contributor

erickoledadevrel commented Sep 4, 2019

Thanks for the submission! There are two existing samples that use id_token by just getting the whole token and pulling it out:

https://github.com/gsuitedevs/apps-script-oauth2/search?q=id_token&unscoped_q=id_token

You could have done the same for your use case, but adding a helper function sounds like a good idea. Please update those two other samples to use this new method and then I'll merge the PR.

@mryerse
Copy link
Contributor Author

mryerse commented Sep 4, 2019

You're right, I learned a new way to search today. But I'll take your word that it's a good idea, and just updated the two samples.

@erickoledadevrel erickoledadevrel merged commit 551a4cb into googleworkspace:master Oct 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@erickoledadevrel erickoledadevrel erickoledadevrel approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mryerse @googlebot @erickoledadevrel