how to get identity_token on backend server?

Prateek_Baranwal

I am integrating oneall with my backend server to upload video on youtube.
1. After authorisation, how can i get the identity token of the user on my backend server?
2. does the identity token expire?

Damien_ZARA

Hello,

The identity token does not expires as it is a OneAll specific token, but the user access_token given by Google can expire. It's returned by the API automatically when doing the callback (after login). You can also list all users with their identity token using our API : https://docs.oneall.com/api/resources/identities/list-all-identities/

Best regards,
Damien

Aqsa_Bibi

To obtain an identity token on a backend server, you typically need to integrate with an identity provider (IdP) that supports OAuth 2.0 or OpenID Connect (OIDC). Here's a step-by-step guide to achieve this:

1. Choose an Identity Provider
   Common providers include:

Google Identity Platform
Auth0
Okta
Microsoft Azure AD
2. Register Your Application
Register your application with the identity provider to get a client ID and client secret.

3. Implement the Authorization Code Flow
   The Authorization Code Flow is a common OAuth 2.0 flow for server-side applications.

a. Redirect to Authorization Endpoint
When a user needs to authenticate, redirect them to the identity provider’s authorization endpoint with parameters like:

response_type=code
client_id
redirect_uri
scope
state
python
Copy code
import urllib.parse

base_authorization_url = "https://example-idp.com/oauth2/authorize"
params = {
"response_type": "code",
"client_id": "YOUR_CLIENT_ID",
"redirect_uri": "YOUR_REDIRECT_URI",
"scope": "openid profile email",
"state": "random_state_string"
}
authorization_url = f"{base_authorization_url}?{urllib.parse.urlencode(params)}"
b. Handle the Redirect and Authorization Code
The IdP will redirect back to your redirect_uri with an authorization code and state parameter.

c. Exchange Authorization Code for Tokens
Send a POST request to the token endpoint to exchange the authorization code for tokens (including the identity token).

python
Copy code
import requests

token_url = "https://example-idp.com/oauth2/token"
data = {
"grant_type": "authorization_code",
"code": authorization_code,
"redirect_uri": "YOUR_REDIRECT_URI",
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET"
}
response = requests.post(token_url, data=data)
tokens = response.json()
identity_token = tokens.get("id_token")
4. Verify the Identity Token
Verify the identity token to ensure it is valid and hasn’t been tampered with. This usually involves:

Decoding the token.
Checking the token’s signature.
Validating claims (issuer, audience, expiration).
Example Code (Python)
Here’s an example using Python with Flask for the backend:

python
Copy code
from flask import Flask, redirect, request, session
import requests
import jwt

app = Flask(name)
app.secret_key = "your_secret_key"

# Configuration
client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"
redirect_uri = "YOUR_REDIRECT_URI"
authorization_url = "https://example-idp.com/oauth2/authorize"
token_url = "https://example-idp.com/oauth2/token"

@app.route("/login")
def login():
params = {
"response_type": "code",
"client_id": client_id,
"redirect_uri": redirect_uri,
"scope": "openid profile email",
"state": "random_state_string"
}
auth_url = f"{authorization_url}?{urllib.parse.urlencode(params)}"
return redirect(auth_url)

@app.route("/callback")
def callback():
code = request.args.get("code")
state = request.args.get("state")

# Exchange authorization code for tokens
data = {
    "grant_type": "authorization_code",
    "code": code,
    "redirect_uri": redirect_uri,
    "client_id": client_id,
    "client_secret": client_secret
}
response = requests.post(token_url, data=data)
tokens = response.json()

id_token = tokens.get("id_token")

# Verify the identity token (example, using PyJWT)
decoded_token = jwt.decode(id_token, options={"verify_signature": False})

return f"User ID Token: {decoded_token}"

if name == "main":
app.run(debug=True)
This example demonstrates how to handle the OAuth 2.0 Authorization Code Flow and retrieve an identity token on the backend server. Adjust the configuration and endpoints based on your chosen identity provider.