Get access to introspection response #234

Closed
fabiante opened this issue Aug 17, 2023 · 4 comments

Comments

@fabiante

Hi, I followed the guide on how to introspect tokens in Go.

While I got this to work with both auth code and PATs, I wonder: Given the guide's example code, is there even a way to get the introspected token?

```go
func main() {
    flag.Parse()

    introspection, err := http_mw.NewIntrospectionInterceptor(*issuer, middleware.OSKeyPath())
    if err != nil {
        log.Fatal(err)
    }

    router := http.NewServeMux()
    router.HandleFunc("/public", writeOK)
    router.HandleFunc("/protected", introspection.HandlerFunc(writeOK))

    lis := "127.0.0.1:5001"
    log.Fatal(http.ListenAndServe(lis, router))
}

func writeOK(w http.ResponseWriter, r *http.Request) {
    w.Write([]byte("OK " + time.Now().String()))
}
```

I'd expect something like `introspection.GetResult(ctx)` or similar which allows getting the introspected token or similar.

How would I otherwise get access to the token's actual claims like the user's email, name, ... ?

@fforootd
Member

Hm, since we built this on top of zitadel/oidc, you might want to have a look at this piece of code here, which checks the token against the introspect endpoint: https://github.com/zitadel/oidc/blob/main/example/client/api/api.go#L71C1-L72C1

@fabiante
Author

Oh, seems like a valid approach and I was just following the wrong idea.

I have worked with Keycloak in the past and there I wrote all the securing-api stuff myself: Periodically fetch public keys from Keycloak, use them to validate token signature and add token claims to request attributes (as values to context.Context). Coming from that I probably assumed a similar (although less complex) experience with the mentioned guide.

Anyway, I think this issue is resolved then. Looking forward to giving Zitadel a try for the API I am working on. Would love to have a more suitable solution to managing multi-tenant b2b products which I currently just don't see with Keycloak :)

Thanks!
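
Added example, not part of the thread or of the zitadel-go SDK: a standard-library middleware that does what the issue asks for, introspecting the bearer token per RFC 7662 and handing the response to handlers through the request context. `Protect`, `Claims`, the HTTP Basic client authentication, and the endpoint and credentials in `main` are assumptions made for illustration.

```go
package main

import (
	"context"
	"encoding/json"
	"net/http"
	"net/url"
	"strings"
)

type Introspection map[string]any // decoded RFC 7662 response ("active", "email", ...)
type ctxKey struct{}              // unexported context key, cannot collide with other packages

// Claims returns the result Protect stored in the request context (nil if none).
func Claims(r *http.Request) Introspection {
	res, _ := r.Context().Value(ctxKey{}).(Introspection)
	return res
}

// Protect runs next only for an active token; HTTP Basic client auth is an assumption.
func Protect(endpoint, id, secret string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth, res := r.Header.Get("Authorization"), Introspection{}
		form := url.Values{"token": {strings.TrimPrefix(auth, "Bearer ")}}.Encode()
		req, err := http.NewRequestWithContext(r.Context(), "POST", endpoint, strings.NewReader(form))
		if err == nil && strings.HasPrefix(auth, "Bearer ") {
			req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
			req.SetBasicAuth(id, secret)
			if resp, err := http.DefaultClient.Do(req); err == nil {
				defer resp.Body.Close()
				if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&res) != nil {
					res = nil // unusable answer from the authorization server
				}
			}
		}
		if res["active"] != true { // fail closed: missing, inactive or unverifiable token
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, res)))
	})
}

func main() { // placeholder endpoint and credentials: replace with your instance's
	ep := "https://issuer.example/oauth/v2/introspect"
	h := func(w http.ResponseWriter, r *http.Request) { json.NewEncoder(w).Encode(Claims(r)) }
	panic(http.ListenAndServe("127.0.0.1:5001", Protect(ep, "id", "secret", http.HandlerFunc(h))))
}
```

Every failure path (no `Bearer` header, transport error, non-200 status, undecodable body, `"active": false`) ends in the same 401, so a handler behind `Protect` can rely on `Claims(r)` being an active token's response.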

@fforootd
Member

> Oh, seems like a valid approach and I was just following the wrong idea.
>
> I have worked with Keycloak in the past and there I wrote all the securing-api stuff myself: Periodically fetch public keys from Keycloak, use them to validate token signature and add token claims to request attributes (as values to context.Context). Coming from that I probably assumed a similar (although less complex) experience with the mentioned guide.
>
> Anyway, I think this issue is resolved then. Looking forward to giving Zitadel a try for the API I am working on. Would love to have a more suitable solution to managing multi-tenant b2b products which I currently just don't see with Keycloak :)
>
> Thanks!

Let me assure you that we will improve this SDK in the next few weeks. It will become easier to interact with 😁

Thank you for trying ZITADEL in a B2B setting; you will enjoy it more than KC for sure.

@aleblanc70

What did you put in your apikey.json to make it work?
