Ask Your Question
2

How can the oauth flow in httr2 be modified to utilize id_token instead of access_token?

asked 2022-09-22 11:00:00 +0000

pufferfish gravatar image

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
3

answered 2023-03-04 23:00:00 +0000

ladyg gravatar image

To modify the OAuth flow in httr2 to utilize idtoken instead of accesstoken, you need to make the following changes:

  1. Update the authorization endpoint to include the OpenID Connect scope (openid). This scope is required to request an id_token.

  2. Set the response_type parameter in the authorization request to code id_token.

  3. Request the id_token parameter in the token request.

  4. Verify the id_token received from the token endpoint to ensure its authenticity.

Here is an example code snippet:

```{r} library(httr)

Define OAuth endpoints

authurl <- "https://example.com/oauth2/authorize" tokenurl <- "https://example.com/oauth2/token" clientid <- "yourclientid" clientsecret <- "yourclientsecret" redirect_uri <- "https://localhost:1410"

Create OAuth client

myapp <- oauthapp("myapp", key = clientid, secret = clientsecret, redirecturi = redirect_uri)

Define authorization parameters

authparams <- list(scope = "openid", responsetype = "code idtoken", redirecturi = redirect_uri, state = "myapp")

Generate authorization URL

authurl <- oauth2.0authorizeurl(myapp, authurl, auth_params)

Open web browser and get authorization code and id_token from the redirect URI

Define token parameters

tokenparams <- list(granttype = "authorizationcode", redirecturi = redirecturi, code = "yourauthorizationcodereceivedfromtheredirecturi", id_token = "true")

Request access token and id_token

token <- oauth2.0token(tokenurl, myapp, token_params)

Verify authenticity of id_token

jwt::jwtdecode(token$idtoken)

Use id_token for further API requests

```

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss

Add Answer


Question Tools

subscribe to rss feed

Stats

Asked: 2022-09-22 11:00:00 +0000

Seen: 15 times

Last updated: Mar 04 '23

Related questions

What is the process for implementing SSO using Spring authorization server, Spring boot 3.0.4, and Google?

What is OCPP Authorization and can you explain it in different words?

What are the steps to implement the authorization code flow (using Keycloak) in a web project built with Flutter?

What is the process to incorporate authentication and authorization using JSON Web Tokens (JWT) into a Django REST API?

What are the steps to enable Keycloak to receive POST requests at an authorization endpoint?

Can you restate the following question: How do Web API, OWIN, and SignalR relate to Authorization?

How can I resolve the HttpClient authorization issue when using a Bearer Token?

How can set the Project Title in the Doxygen Configuration File?

How can I prevent freezing when using Task.Wait in C#?

What is the process to italicize certain keywords in visual studio code?

Copyright QStack.ai, 2010-2023. Content on this site is licensed under the Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | contact