Back to oneall.com

how to get identity_token on backend server?

Prateek_BaranwalPrateek_Baranwal
in Questions

I am integrating oneall with my backend server to upload video on youtube.
1. After authorisation, how can i get the identity token of the user on my backend server?
2. does the identity token expire?

Answers

  • Damien_ZARADamien_ZARAMemberAdministratorOneAll Team

    Hello,

    The identity token does not expires as it is a OneAll specific token, but the user access_token given by Google can expire. It's returned by the API automatically when doing the callback (after login). You can also list all users with their identity token using our API : https://docs.oneall.com/api/resources/identities/list-all-identities/

    Best regards,
    Damien

  • Aqsa_BibiAqsa_BibiMember

    To obtain an identity token on a backend server, you typically need to integrate with an identity provider (IdP) that supports OAuth 2.0 or OpenID Connect (OIDC). Here's a step-by-step guide to achieve this:

    1. Choose an Identity Provider
      Common providers include:

    Google Identity Platform
    Auth0
    Okta
    Microsoft Azure AD
    2. Register Your Application
    Register your application with the identity provider to get a client ID and client secret.

    1. Implement the Authorization Code Flow
      The Authorization Code Flow is a common OAuth 2.0 flow for server-side applications.

    a. Redirect to Authorization Endpoint
    When a user needs to authenticate, redirect them to the identity provider’s authorization endpoint with parameters like:

    response_type=code
    client_id
    redirect_uri
    scope
    state
    python
    Copy code
    import urllib.parse

    base_authorization_url = "https://example-idp.com/oauth2/authorize"
    params = {
    "response_type": "code",
    "client_id": "YOUR_CLIENT_ID",
    "redirect_uri": "YOUR_REDIRECT_URI",
    "scope": "openid profile email",
    "state": "random_state_string"
    }
    authorization_url = f"{base_authorization_url}?{urllib.parse.urlencode(params)}"
    b. Handle the Redirect and Authorization Code
    The IdP will redirect back to your redirect_uri with an authorization code and state parameter.

    c. Exchange Authorization Code for Tokens
    Send a POST request to the token endpoint to exchange the authorization code for tokens (including the identity token).

    python
    Copy code
    import requests

    token_url = "https://example-idp.com/oauth2/token"
    data = {
    "grant_type": "authorization_code",
    "code": authorization_code,
    "redirect_uri": "YOUR_REDIRECT_URI",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
    }
    response = requests.post(token_url, data=data)
    tokens = response.json()
    identity_token = tokens.get("id_token")
    4. Verify the Identity Token
    Verify the identity token to ensure it is valid and hasn’t been tampered with. This usually involves:

    Decoding the token.
    Checking the token’s signature.
    Validating claims (issuer, audience, expiration).
    Example Code (Python)
    Here’s an example using Python with Flask for the backend:

    python
    Copy code
    from flask import Flask, redirect, request, session
    import requests
    import jwt

    app = Flask(name)
    app.secret_key = "your_secret_key"

    # Configuration
    client_id = "YOUR_CLIENT_ID"
    client_secret = "YOUR_CLIENT_SECRET"
    redirect_uri = "YOUR_REDIRECT_URI"
    authorization_url = "https://example-idp.com/oauth2/authorize"
    token_url = "https://example-idp.com/oauth2/token"

    @app.route("/login")
    def login():
    params = {
    "response_type": "code",
    "client_id": client_id,
    "redirect_uri": redirect_uri,
    "scope": "openid profile email",
    "state": "random_state_string"
    }
    auth_url = f"{authorization_url}?{urllib.parse.urlencode(params)}"
    return redirect(auth_url)

    @app.route("/callback")
    def callback():
    code = request.args.get("code")
    state = request.args.get("state")

    # Exchange authorization code for tokens
data = {
    "grant_type": "authorization_code",
    "code": code,
    "redirect_uri": redirect_uri,
    "client_id": client_id,
    "client_secret": client_secret
}
response = requests.post(token_url, data=data)
tokens = response.json()

id_token = tokens.get("id_token")

# Verify the identity token (example, using PyJWT)
decoded_token = jwt.decode(id_token, options={"verify_signature": False})

return f"User ID Token: {decoded_token}"

    if name == "main":
    app.run(debug=True)
    This example demonstrates how to handle the OAuth 2.0 Authorization Code Flow and retrieve an identity token on the backend server. Adjust the configuration and endpoints based on your chosen identity provider.

Login to your OneAll account to add a new comment

Welcome!

Please sign in to your OneAll account to ask a new question or to contribute to the discussions.

Please click on the link below to connect to the forum with your OneAll account.

Ask a question

Information

Products & Services

Categories