We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello there ! I'm struggling to understand what would be the best way to add the audience form field from auth0 on the AccessTokenFetcher. From what I understand auth0 sends back an opaque token by default unless you provide an audience parameter to the token endpoint (cf https://community.auth0.com/t/why-is-my-access-token-not-a-jwt-opaque-token/31028) If I'm correct this parameter should be added in the AccesTokenFetcher fetch method but as the requestForm is implemented as https://github.com/http4k/http4k/blob/master/http4k-security/oauth/src/main/kotlin/org/http4k/security/OAuthWebForms.kt#L15-L24 I'm not sure if it is possible to add the parameter without rewriting the whole thing. The workaround would be to hit the /userinfo endpoint with the opaque token but I was wondering if these kind of settings would belong into this library or if it is out of scope. https://github.com/http4k/http4k/blob/master/http4k-security/oauth/src/main/kotlin/org/http4k/security/AccessTokenFetcher.kt#L34-L37
In any way thanks for the time and thanks for the awesome work it really is a pleasure working with http4k
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hello there !
I'm struggling to understand what would be the best way to add the audience form field from auth0 on the AccessTokenFetcher.
From what I understand auth0 sends back an opaque token by default unless you provide an audience parameter to the token endpoint (cf https://community.auth0.com/t/why-is-my-access-token-not-a-jwt-opaque-token/31028)
If I'm correct this parameter should be added in the AccesTokenFetcher fetch method but as the requestForm is implemented as https://github.com/http4k/http4k/blob/master/http4k-security/oauth/src/main/kotlin/org/http4k/security/OAuthWebForms.kt#L15-L24 I'm not sure if it is possible to add the parameter without rewriting the whole thing.
The workaround would be to hit the /userinfo endpoint with the opaque token but I was wondering if these kind of settings would belong into this library or if it is out of scope.
https://github.com/http4k/http4k/blob/master/http4k-security/oauth/src/main/kotlin/org/http4k/security/AccessTokenFetcher.kt#L34-L37
In any way thanks for the time and thanks for the awesome work it really is a pleasure working with http4k
The text was updated successfully, but these errors were encountered: