I am integrating OneAll with my backend server to upload video to YouTube.
1. After authorisation, how can I get the identity token of the user on my backend server?
2. Does the identity token expire?
Answers
Hello,
The identity token does not expire as it is a OneAll-specific token, but the user access_token given by Google can expire. It's returned by the API automatically when doing the callback (after login). You can also list all users with their identity token using our API: https://docs.oneall.com/api/resources/identities/list-all-identities/
Best regards,
Damien
To obtain an identity token on a backend server, you typically need to integrate with an identity provider (IdP) that supports OAuth 2.0 or OpenID Connect (OIDC). Here's a step-by-step guide to achieve this:
Common providers include:
Google Identity Platform
Auth0
Okta
Microsoft Azure AD
2. Register Your Application
Register your application with the identity provider to get a client ID and client secret.
The Authorization Code Flow is a common OAuth 2.0 flow for server-side applications.
a. Redirect to Authorization Endpoint
When a user needs to authenticate, redirect them to the identity provider’s authorization endpoint with parameters like:
response_type=code
client_id
redirect_uri
scope
state
```python
import secrets
import urllib.parse

base_authorization_url = "https://example-idp.com/oauth2/authorize"
# Unguessable per-request value; keep it in the user's session and compare it in the callback
state = secrets.token_urlsafe(32)
params = {
    "response_type": "code",
    "client_id": "YOUR_CLIENT_ID",
    "redirect_uri": "YOUR_REDIRECT_URI",
    "scope": "openid profile email",
    "state": state,
}
authorization_url = f"{base_authorization_url}?{urllib.parse.urlencode(params)}"
```
b. Handle the Redirect and Authorization Code
The IdP will redirect back to your redirect_uri with an authorization code and state parameter.
c. Exchange Authorization Code for Tokens
Send a POST request to the token endpoint to exchange the authorization code for tokens (including the identity token).
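```python
import requests

token_url = "https://example-idp.com/oauth2/token"
# Placeholder: the "code" query parameter received on the redirect in step b
authorization_code = "CODE_FROM_REDIRECT"
data = {
    "grant_type": "authorization_code",
    "code": authorization_code,
    "redirect_uri": "YOUR_REDIRECT_URI",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
}
response = requests.post(token_url, data=data, timeout=10)
response.raise_for_status()  # stop on an error response instead of parsing it as tokens
tokens = response.json()
identity_token = tokens.get("id_token")
```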
4. Verify the Identity Token
Verify the identity token to ensure it is valid and hasn’t been tampered with. This usually involves:
Decoding the token.
Checking the token’s signature.
Validating claims (issuer, audience, expiration).
Example Code (Python)
Here’s an example using Python with Flask for the backend:
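```python
from flask import Flask, abort, redirect, request, session
import secrets
import urllib.parse
import requests

app = Flask(__name__)
app.secret_key = "your_secret_key"

# Configuration
client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"
redirect_uri = "YOUR_REDIRECT_URI"
authorization_url = "https://example-idp.com/oauth2/authorize"
token_url = "https://example-idp.com/oauth2/token"

@app.route("/login")
def login():
    # Fresh, unguessable state for each login; checked again in /callback
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": session["oauth_state"],
    }
    auth_url = f"{authorization_url}?{urllib.parse.urlencode(params)}"
    return redirect(auth_url)

@app.route("/callback")
def callback():
    code = request.args.get("code")
    state = request.args.get("state")
    # Reject the callback unless the state matches the one issued in /login
    expected_state = session.pop("oauth_state", None)
    if not code or not expected_state or state != expected_state:
        abort(400)
    # Exchange the authorization code for tokens (step c)
    response = requests.post(token_url, data={
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }, timeout=10)
    response.raise_for_status()
    identity_token = response.json().get("id_token")
    if identity_token is None:
        abort(502)
    # Verify the identity token (step 4) before trusting any of its claims
    return "Login complete"

if __name__ == "__main__":
    # Flask's debug mode is for local development only
    app.run()
```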
This example demonstrates how to handle the OAuth 2.0 Authorization Code Flow and retrieve an identity token on the backend server. Adjust the configuration and endpoints based on your chosen identity provider.
To get the user's identity token after OneAll authorization, use the received access token on your backend to call the OneAll /identities endpoint, which returns the user's profile and identity data.
Note that identity tokens may expire based on the social provider’s settings, so always verify token validity before using it in further API calls.