Closed IMS94 closed 2 years ago
thivi
commented
2 years ago Hi @IMS94,
You can use the getIDToken() method to obtain the ID token and attach it to a request.
You also have the option of returning a JWT token as the access token:
You can read more about it here:
https://wso2.com/asgardeo/docs/references/app-settings/oidc-settings-for-app/#access-token
IMS94
commented
2 years ago @thivi thanks for the pointers. I too found these information later. And how to use the access_token. But my point is, once a user is logged in, what's the best practice to get the access_token from auth context and pass it in an Authorization header. Appreciate if you can add a piece of documentation into the docs mentioned.
Issue with getIDToken() is that it returns a promise. Can we use the state returned by the auth context to get the access_token instead?
thivi
commented
2 years ago If you are using sessionStorage or localStorage, you can use the getAccessToken() method to retrieve the access token. However, if you are using the webWorker storage, then you can't get the access token in any way. This is done to secure the access token. To send HTTP requests, you can use the httpRequest method. This method automatically attaches the access token to the authorization header before sending the HTTP requests.
IMS94
commented
2 years ago @thivi thanks! Got it. Can you add these information to the SDK's docs? It will be helpful.
thivi
commented
2 years ago Hi @IMS94, Sure, will do!
Is your suggestion related to a missing or misleading document? Please describe. $subject
Once a user is successfully logged in, what's the best practice to use the retrieved id_token when calling external services? i.e, what's the recommended way to pass the id_token as the
Autrhorizationheader in a request to another service.Describe the improvement
Update the samples or add some documentation explaining the above.