goauthentik / authentik

The authentication glue you need.
https://goauthentik.io
Other
12.74k stars 850 forks

Use OAuth access token to make additional request #8078

Open maikschneider opened 8 months ago

maikschneider commented 8 months ago

Describe your question

Can the OAuth AccessToken be accessed in an Expression Policy to make an additional API request? I want to get additional user information inside the default-source-enrollment flow. I am thinking about adding a new policy in the default-source-enrollment-prompt which puts additional data into the request.context["prompt_data"].

Relevant infos

I hope something like this is possible:

token = ???
s = requests.Session()
r = s.get('https://graph.microsoft.com/v1.0/me/photo/$value', headers={'Authorization': 'Bearer ' + token})
request.context["prompt_data"]["avatar"] = r.text

Version and Deployment (please complete the following information):

Any hints for debugging this any further are appreciated. Thanks!

oytuntez commented 8 months ago

I am also trying to find my way around in the codebase to accomplish this. What would be needed for this even if we need to fork? Probably something around here:

https://github.com/goauthentik/authentik/blob/85ebbcfb82ff024a52b54915807f12beaef29cd7/authentik/providers/oauth2/models.py#L314

https://github.com/goauthentik/authentik/blob/85ebbcfb82ff024a52b54915807f12beaef29cd7/authentik/providers/oauth2/api/tokens.py#L19

Any recommendations?

BeryJu commented 1 month ago

While we don't have general documentation for this yet, you can reference the Discord documentation to see how the access token is accessed: https://docs.goauthentik.io/docs/sources/discord/#checking-for-membership-of-a-discord-guild
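Added example, not code from this thread or from the authentik project: an offline sketch of the pattern the linked Discord documentation points to, applied to the photo request from the question. It reads the token defensively and treats the photo as size-limited binary data. The context key `goauthentik.io/sources/connection` and the `access_token` attribute are assumed from that documentation; `fetch_avatar`, `fake_get`, `demo`, the size cap and the data-URI encoding are hypothetical choices of this example, and `http_get` stands in for `requests.get`.

```python
import base64
from types import SimpleNamespace

# Assumption: context key and attribute as used in the linked Discord docs.
CONNECTION_KEY = "goauthentik.io/sources/connection"
PHOTO_URL = "https://graph.microsoft.com/v1.0/me/photo/$value"  # from the question
MAX_PHOTO_BYTES = 512 * 1024  # hypothetical size cap


def fetch_avatar(context, http_get):
    """Return the user's photo as a data: URI, or None if it cannot be fetched.
    http_get stands in for requests.get so the example runs offline.
    """
    connection = context.get(CONNECTION_KEY)
    token = getattr(connection, "access_token", None)
    if not token:
        return None  # not a source login, or no token stored
    try:
        resp = http_get(PHOTO_URL, headers={"Authorization": f"Bearer {token}"}, timeout=5)
    except Exception:
        return None  # an upstream failure should not break enrollment
    ctype = resp.headers.get("Content-Type", "").split(";")[0].strip()
    if resp.status_code != 200 or not ctype.startswith("image/"):
        return None
    body = resp.content  # bytes, not .text: the photo is binary
    if len(body) > MAX_PHOTO_BYTES:
        return None
    return f"data:{ctype};base64,{base64.b64encode(body).decode()}"


def fake_get(url, headers, timeout):
    """Constructed response; checks the bearer header that was sent."""
    ok = headers.get("Authorization") == "Bearer constructed-token"
    return SimpleNamespace(status_code=200 if ok else 401,
                           headers={"Content-Type": "image/png"}, content=b"\x89PNG")


def demo():
    # Constructed stand-in for the policy context of a source login.
    context = {CONNECTION_KEY: SimpleNamespace(access_token="constructed-token"),
               "prompt_data": {}}
    avatar = fetch_avatar(context, fake_get)
    if avatar:
        context["prompt_data"]["avatar"] = avatar
    return context["prompt_data"]
```

Every failure path returns `None` rather than raising, so a missing connection or a rejected token leaves `prompt_data` untouched.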