
Retrieve Google Auth tokens from Okta sign-in?

I have an application that relies on access to Google Calendar. And, until now, I have authed through a "Sign in with Google" option, requesting the needed Calendar scopes.

What I'm trying to accomplish: I would like to allow Okta customers the ability to authenticate (mostly so I can support the SCIM management). The trouble is I am not clear on how to retrieve the needed Google auth credentials to access the Google Calendar API.

Where I'm at, so far: In my own Okta instance, I have successfully configured Google as an IDP, as well as an Okta app (tile), and can authenticate (OIDC) into Okta with my Google credentials, from my Node app. However, the returned external_id, access_token, and refresh_token are all relevant to Okta, not Google.

The Question: Is there a way to get the needed Google authorization elements, both access_token and refresh_token, from my handshake with Okta?

The design pattern you need is to use embedded tokens, where the Google access token is embedded as a custom claim inside the Okta access token. By doing so, the authenticated user can access both their application resources and also their own Google resources.

Unfortunately most providers don't support this, though it is a commonly desired extensibility feature. For Okta I would take a look at the custom claims handling and in particular the Okta Expression Language. Hopefully you can get the Google access token as an attribute of the Idp User Profile, e.g. named access_token, though I don't know for sure if it will work.
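
How a Node service could consume the embedded-token pattern described in this answer, as an added example that is not part of the original answer and not Okta's own code: it checks the access token's signature, issuer, audience and expiry before reading the custom claim. The claim name google_access_token, the issuer and audience values, and the locally generated key pair (standing in for the authorization server's signing key) are assumptions.

```javascript
// Added example: constructed token, hypothetical claim name and issuer.
const crypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Constructed stand-in for the authorization server: signs an RS256 JWT.
function signJwt(payload, privateKey) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), privateKey).toString("base64url")}`;
}

// Returns the embedded claim only after the signature, issuer, audience and
// expiry checks pass; throws otherwise.
function readEmbeddedToken(jwt, publicKey, { issuer, audience, claim }, now = Date.now()) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  const [head, body, sig] = parts;
  // Pin the algorithm instead of trusting whatever the header asks for.
  if (fromB64url(head).alg !== "RS256") throw new Error("unexpected alg");
  const valid = crypto.verify("sha256", Buffer.from(`${head}.${body}`), publicKey, Buffer.from(sig, "base64url"));
  if (!valid) throw new Error("bad signature");
  const claims = fromB64url(body);
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (![].concat(claims.aud).includes(audience)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) throw new Error("expired");
  if (typeof claims[claim] !== "string") throw new Error(`missing claim ${claim}`);
  return claims[claim];
}

// No key is needed to read the payload: it is encoded, not encrypted.
const peekClaims = (jwt) => fromB64url(jwt.split(".")[1]);

// Constructed sample data; the key pair stands in for the server's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const expected = {
  issuer: "https://idp.example.test/oauth2/default",
  audience: "api://calendar-app",
  claim: "google_access_token", // hypothetical custom claim name
};
const sampleJwt = signJwt({
  iss: expected.issuer,
  aud: expected.audience,
  exp: Math.floor(Date.now() / 1000) + 300,
  google_access_token: "constructed-google-token",
}, privateKey);

console.log(readEmbeddedToken(sampleJwt, publicKey, expected));
```

Because the payload of a signed JWT is only base64url-encoded, every party that receives this access token can read the embedded Google token, as peekClaims shows.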
