堆栈内存溢出
  简体   繁体   English

从 Okta 登录中检索 Google Auth 令牌?

[英]Retrieve Google Auth tokens from Okta sign-in?

 原文  2022-06-29 18:26:01       single-sign-on/ openid-connect/ google-signin/ okta

问题描述

I have an application that relies on access to Google Calendar.我有一个依赖于访问 Google 日历的应用程序。 And, until now, I have authed through a "Sign in with Google" option, requesting the needed Calendar scopes.而且,到目前为止,我已经通过“使用 Google 登录”选项进行身份验证,请求所需的日历范围。

What I'm trying to accomplish: I would like allow Okta customers the ability to authenticate (mostly so I can support the SCIM management).我想要完成的事情:我想让 Okta 客户能够进行身份验证(主要是为了支持 SCIM 管理)。 The trouble is I am not clear on how to retrieve the needed Google auth credentials to access the Google Calendar API.问题是我不清楚如何检索所需的 Google 身份验证凭据以访问 Google Calendar API。

Where I'm at, so far: In my own Okta instance, I have successfully configured Google as an IDP, as well as an Okta app (tile), and can authenticate (OIDC) into Okta with my Google credentials, from my Node app.到目前为止,我所处的位置:在我自己的 Okta 实例中,我已成功将 Google 配置为 IDP 以及 Okta 应用程序(磁贴),并且可以使用我的 Google 凭据从我的节点向 Okta 进行身份验证(OIDC)应用程序。 However, the returned external_id , access_token , and refresh_token are all relevant to Okta, not Google.但是,返回的external_idaccess_tokenrefresh_token都与 Okta 相关,而不是与 Google 相关。

The Question: Is there a way to get the needed Google authorization elements, both access_token and refresh_token , from my handshake with Okta?问题:有没有办法从我与 Okta 的握手中获取所需的 Google 授权元素,包括access_tokenrefresh_token

1 个解决方案

解决方案1
 0  2022-07-04 12:33:21

The design pattern you need is to use embedded tokens , where the Google access token is embedded as a custom claim inside the Okta access token.您需要的设计模式是使用嵌入式令牌,其中 Google 访问令牌作为自定义声明嵌入到 Okta 访问令牌中。 By doing so, the authenticated user can access both their application resources and also their own Google resources.通过这样做,经过身份验证的用户既可以访问他们的应用程序资源,也可以访问他们自己的 Google 资源。

Unfortunately most providers don't suoport this, though it is a commonly desired extensibility feature.不幸的是,大多数供应商不支持这一点,尽管它是一种普遍需要的可扩展特性。 For Okta I would take a look at the custom claims handling and in particular the Okta Expression Language .对于 Okta,我会看看自定义声明处理,尤其是Okta Expression Language Hopefully you can get the Google access token as an attribute of the Idp User Profile, eg named access_token , though I don't know for sure if it will work.希望您可以将 Google 访问令牌作为 Idp 用户配置文件的一个属性,例如命名为access_token ,尽管我不确定它是否会起作用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Okta 登录小部件检查用户是否已通过身份验证 - Okta Sign-in widget check if user is authenticated 谷歌应用程序SSO允许直接登入 - Google App SSO allowing to sign-in directly Google+登录:验证会话用户 - Google+ sign-in: authenticating session users 如何在 Backstage 上启用 Google 登录? - How to enable sign-in with Google on Backstage? 从 Google 登录获取 Jwt 有效负载,无需默认 Google 弹出窗口 - Get Jwt Payload from Google Sign-In without default Google popup 在Android版Chrome中通过Google ID自动登录 - Automatic sign-in via Google ID in Chrome for Android 使用带有 Node.js 后端的 Angular 应用程序进行 Google 登录 - Google Sign-in using Angular app with a Node.js backend 使用 SSO 和基于浏览器的登录从 Python 连接到 Snowflake - Connecting to Snowflake from Python using SSO and browser based sign-in 如何使用登录(用户/密码)文本框在同一页面上登录ADFS WIF联合身份验证和表单身份验证? - How to sign-in to ADFS WIF federation AND Form auth on the same page with login (user/password) text-boxes? Okta Single Sign On for SharePoint 2013-如何从数据库注入自定义声明 - Okta Single Sign On for SharePoint 2013 - how to inject custom claims from database
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM