【问题标题】:Auth0 : how to retrieve app_metadata and user_metadata in token?Auth0:如何在令牌中检索 app_metadata 和 user_metadata?
【发布时间】:2017-10-18 10:45:39
【问题描述】:

我尝试使用用户名和密码对用户进行身份验证。我想检索 JWT 作为响应并在其中找到他的权限(存储在 app_metadata 中)。

但返回的 id_token 不包含 user_metadata 或 app_metadata。

我尝试使用 Java 驱动程序和 HTTP 调用。

Java:

 AuthAPI auth = new AuthAPI("my-domain.auth0.com", "my_client_id", "my_secret_id");
 AuthRequest request = auth.login(username, password)
         .setScope("openid app_metadata user_metadata");
 try {
     TokenHolder holder = request.execute();
     return holder;
 } catch (Auth0Exception e) {
     throw new AuthentException("Error authenticating " + username, e);
 }

HTTP:

     final String req = "{"
             + "\"username\":\"test@domain.com\","
             + "\"password\":\"test\","
             + "\"scope\":\"openid app_metadata user_metadata\","
             + "\"client_id\":\"my_client_id\","
             + "\"client_secret\":\"my_secret_id\","
             + "\"grant_type\":\"password\""
             + "}";
     RestTemplate template = new RestTemplate();
     HttpHeaders headers = new HttpHeaders();
     headers.setContentType(MediaType.APPLICATION_JSON);
     HttpEntity<String> entity = new HttpEntity<>(req, headers);

     ResponseEntity<String> response = template.exchange("https://my-domain.auth0.com/oauth/token", HttpMethod.POST, entity, String.class);

返回的 id_token 只包含:

 {
   "email": "test@domain.com",
   "email_verified": true,
   "iss": "https://my-domain.auth0.com/",
   "sub": "auth0|xxx",
   "aud": "my_client_id",
   "exp": 1497744462,
   "iat": 1495116462
 }

我尝试添加规则:

function (user, context, callback) {
   var namespace = 'https://my-domain.auth0.com/';
   if (context.idToken && user.user_metadata) {
     context.idToken[namespace + 'user_metadata'] = user.user_metadata;
   }
   if (context.idToken && user.app_metadata) {
     context.idToken[namespace + 'app_metadata'] = user.app_metadata;
   }
   callback(null, user, context);
 }

还有一个钩子:

module.exports = function(client, scope, audience, context, cb) {
   var access_token = {};
   access_token.scope = scope;
   access_token.scope.push('user_profile');
   cb(null, access_token);
 };

但没有将元数据添加到 id_token。

我如何检索这些元数据?

谢谢。

【问题讨论】:

    标签: java authentication authorization auth0


    【解决方案1】:

    我发现 /oauth/ro 端点正在工作:https://auth0.com/docs/api/authentication#resource-owner

             final String req = "{"
                     + "\"username\":\"ambre@domain.com\","
                     + "\"password\":\"test\","
                     + "\"scope\":\"" + settings.getScope() + "\","
                     + "\"connection\":\"Username-Password-Authentication\","
                     + "\"client_id\":\"" + settings.getClientId() + "\","
                     + "\"grant_type\":\"password\""
                     + "}";
             RestTemplate template = new RestTemplate();
             HttpHeaders headers = new HttpHeaders();
             headers.setContentType(MediaType.APPLICATION_JSON);
             HttpEntity<String> entity = new HttpEntity<>(req, headers);
    
             ResponseEntity<String> response = template.exchange("https://my-domain.auth0.com/oauth/ro", HttpMethod.POST, entity, String.class);
    

    但我在 java 驱动程序 1.0.0 中找不到等效项

    【讨论】:

      猜你喜欢
      • 2017-07-11
      • 1970-01-01
      • 2017-09-13
      • 1970-01-01
      • 2018-05-20
      • 2021-08-08
      • 2017-09-29
      • 2018-07-13
      • 2020-12-17
      相关资源
      最近更新 更多