Closed: Sayyiditow closed this issue 4 years ago
We did see that there is a claim which gives the "xero_userid". Tried to use the value to query "Users" using the API but a nullpointer was thrown. I'm guessing this is not the right endpoint to use the "xero_userid" value with.
After looking back into this, I found out that the proper decodedJWT that holds the identity token is not the access token itself, it is actually the id_token in the token response. Posting the way to get the email below for other users who come here:
First, get the id token:
After getting the tokenResponse from the flow
String idToken = String.valueOf(tokenResponse.get("id_token"));
Then only you may find the email claim:
DecodedJWT decodedJWT = JWT.decode(idToken);
String email = decodedJWT.getClaim("email").asString();
You can then save this email in your token storage implementation as a user for login into your app.
If you'd like to view other claims, just do:
decodedJWT.getClaims().forEach((s, claim) -> System.out.println(s));
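The answer above reads `email` with `JWT.decode`, which parses the token but does not check its signature, so the id_token should be verified before the value is stored as a login identity. This is an added example, not part of the thread or the Xero SDK, using the same com.auth0 java-jwt classes; the issuer, client id and locally generated RSA keys are constructed placeholders standing in for the identity provider's real issuer and published signing key.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

public class IdTokenEmail {
    // Placeholders (assumptions): use your provider's issuer and your app's client id.
    static final String ISSUER = "https://issuer.example";
    static final String CLIENT_ID = "EXAMPLE_CLIENT_ID";

    // Returns the email only if signature, issuer, audience and expiry all check out.
    static String verifiedEmail(String idToken, RSAPublicKey providerKey) {
        DecodedJWT jwt = JWT.require(Algorithm.RSA256(providerKey, null))
                .withIssuer(ISSUER).withAudience(CLIENT_ID)
                .build().verify(idToken); // throws JWTVerificationException on any failed check
        String email = jwt.getClaim("email").asString();
        if (email == null) throw new IllegalStateException("id_token has no email claim");
        return email;
    }
    static String sign(KeyPair kp, String email) { // builds a constructed sample id_token
        return JWT.create().withIssuer(ISSUER).withAudience(CLIENT_ID)
                .withExpiresAt(new Date(System.currentTimeMillis() + 300_000))
                .withClaim("email", email)
                .sign(Algorithm.RSA256((RSAPublicKey) kp.getPublic(), (RSAPrivateKey) kp.getPrivate()));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair provider = gen.generateKeyPair(); // stands in for the provider's signing key
        KeyPair other = gen.generateKeyPair();    // any key that is not the provider's
        RSAPublicKey trusted = (RSAPublicKey) provider.getPublic();
        String genuine = sign(provider, "user@example.com");
        String foreign = sign(other, "someone.else@example.com");
        // JWT.decode() only parses: it returns the email from a token the provider never signed.
        System.out.println("decode only: " + JWT.decode(foreign).getClaim("email").asString());
        System.out.println("verified:    " + verifiedEmail(genuine, trusted));
        try {
            verifiedEmail(foreign, trusted);
        } catch (JWTVerificationException e) {
            System.out.println("rejected:    " + e.getMessage());
        }
    }
}
```

In an application the public key comes from the identity provider's published key set rather than a locally generated pair.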
Hi Sayyiditow!
Could you please help with a similar issue?
I obtain a Xero token with scopes:
When I decode it via https://jwt.io I get these fields:
My questions are:
thanks!
Hi,
My replies above were based on Version 3.2.1 of the Xero Java API. Are you using the same?
Thanks for the quick answer! My problem was that I decoded the access token, whereas I should look for the email in the id_token!
So, for now I need to find an answer to at least one of the questions:
Any help is kindly appreciated
@hyperclick
We have a Java "starter" app that demonstrates the OAuth flow and how you obtain your accessTokenResponse, which includes your access_token and id_token. https://github.com/XeroAPI/xero-java-oauth2-starter/blob/ab6dc9c46f8e714f6ca7cb3d83b7cdc0401ad4c4/src/main/java/com/xero/starter/Callback.java#L85
We also show how you decode the id_token you saved on callback. https://github.com/XeroAPI/xero-java-oauth2-starter/blob/ab6dc9c46f8e714f6ca7cb3d83b7cdc0401ad4c4/src/main/java/com/xero/starter/AuthenticatedResource.java#L42
SDK you're using (please complete the following information):
Describe the bug: We are trying to get the email of the user who linked their organization with our app to use this as an identifier, but with the scopes added, we don't see the email being returned in the DecodedJWT.
To Reproduce: After getting the accessToken, we are doing:
DecodedJWT jwt = JWT.decode(accessToken);
Inspecting this jwt, there is no email information for the user.
Expected behavior: An email claim should be present in the JWT.