How to decode an opaque Access Token with OAuth 2.0

Question:

I have got a token key which contains the logged-in person's email address as well as the name and other endpoints. This was actually used in a Xero API connection.

scope = 'offline_access accounting.reports.read accounting.settings.read openid profile email'

I need to decode this token key and get the logged in email address and the name of the person who is logged in.

For example, my token key is as below.

b9b73c12b40a3bc1441f5bda331c4d7c64c0394956d5105eec61a71de19f8153

How can I decode this opaque Access Token and get the relevant information using Python?

Asked By: suresh_chinthy


Answers:

const jwt = require("jsonwebtoken"); // the npm package that provides jwt.verify
const token = req.headers.authorization.split(" ")[1]; // header is "Bearer <token>"
const decodedToken = jwt.verify(token, "secret_message_long_string"); // checks the signature; throws if the token is not a valid signed JWT
req.userData = { email: decodedToken.email, userId: decodedToken.userId };

This example is for decoding the token in Node.js.

Try the same approach in Python: import jwt and use the verify method, passing the token and the secret string as arguments.

Clients should never decode access tokens directly, as jps says. You have these options:

READ USER FIELDS FROM ID TOKEN

The UI reads this JWT directly. An id token always has JWT format and is designed to be read by clients.

USE USER INFO ENDPOINT

The UI can send the access token to the User Info endpoint, using the message from step 24 of the above blog post.

GET USER INFO FROM API

This tends to be the most extensible option, since you can return any info you want, and you are not limited to what is contained in access tokens.

Answered By: Gary Archer
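The following is an added example, not code from either answer above. It puts the distinction into Python, as the question asked: it tells an opaque access token (like the 64-hex-character value in the question, which has no JWT structure to decode) apart from a JWT, reads email and name from an ID token only after verifying its signature, expiry and audience, and, for the opaque access token, builds the Bearer call to the User Info endpoint instead of trying to decode it. The ID token is signed with HS256 and a constructed shared secret purely so the example runs offline; Xero and most OpenID Connect providers sign ID tokens with RS256 against their published JWKS, so in production verify with a maintained library (for example PyJWT with its JWKS client) rather than this hand-rolled check. The issuer, client ID, userinfo URL and user claims are all constructed placeholders.

```python
# Added example (not from the original answers). Signing uses HS256 with a
# constructed shared secret so it runs offline; real providers (including Xero)
# use RS256 and a JWKS, so verify with a library such as PyJWT in production.
import base64
import hashlib
import hmac
import json
import time


def b64url_decode(segment):
    """Decode base64url without padding (JWT segments drop the '=')."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def is_jwt(token):
    """A JWT is three base64url segments whose header is a JSON object with 'alg'.
    An opaque reference token (e.g. a 64-hex-character string) fails this test,
    so there is nothing for the client to decode."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (ValueError, TypeError):
        return False
    return isinstance(header, dict) and "alg" in header


def verify_hs256_id_token(token, key, audience, now=None):
    """Verify signature, expiry and audience, then return the claims.
    The payload is not trusted until the signature check has passed."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # refuse alg=none and algorithm confusion
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    return claims


def rejection_reason(token, key, audience, now=None):
    """None if the ID token verifies, otherwise the reason it was rejected."""
    try:
        verify_hs256_id_token(token, key, audience, now)
        return None
    except ValueError as exc:
        return str(exc)


def user_fields(claims):
    """The fields the question asks for; present when the scope includes 'profile email'."""
    return {"email": claims.get("email"), "name": claims.get("name")}


def userinfo_request(access_token, userinfo_url):
    """An opaque access token is not decoded by the client: it is sent as a Bearer
    credential to the provider's User Info endpoint, which returns the claims."""
    return userinfo_url, {"Authorization": f"Bearer {access_token}"}


def mint_demo_id_token(claims, key):
    """Constructed for the demo only: in real use the identity provider issues the ID token."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


if __name__ == "__main__":
    KEY = b"demo-shared-secret"  # constructed; not a real provider key
    opaque = "b9b73c12b40a3bc1441f5bda331c4d7c64c0394956d5105eec61a71de19f8153"
    id_token = mint_demo_id_token(
        {"iss": "https://issuer.example", "aud": "my-client-id", "sub": "u1",
         "email": "alice@example.com", "name": "Alice Example",
         "exp": int(time.time()) + 600}, KEY)
    print("opaque access token is a JWT?", is_jwt(opaque))
    print(user_fields(verify_hs256_id_token(id_token, KEY, "my-client-id")))
    print(userinfo_request(opaque, "https://issuer.example/userinfo"))
```

The checks are ordered so that the payload is only parsed after the signature matches, and the `alg` header is pinned before the HMAC is computed, which is the usual defence against `alg: none` and key-confusion attacks when a library is not doing this for you.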