DEVHIDE
Login Or Sign up

AppID userProfileManager.getUserInfo() gives a UnauthorizedException error

262 Views Asked by At

I am playing around with the Appid implementation using the NodeJs SDK and I am currently trying to fetch ApplicationIdentityToken via the TokenManager. And below is my code snippet.

The tokenManager.getApplicationIdentityToken() gives you a valid token, but the problem I am facing is that whenever I pass this token to the userProfileManager.getUserInfo(token) it gives me a UnauthorizedException.

I have stripped down the entire code and created a small function just to test the fetching of token and verifying it with the userProfileManager.getUserInfo function.

Note: Please ignore the antipattern it is just for providing the code snippet.

const userProfileManager = require('ibmcloud-appid').UserProfileManager;

userProfileManager.init({
  oauthServerUrl: process.env.APPID_URL,
  profilesUrl: process.env.APPID_PROFILES_URL,
});

const config = {
  tenantId: process.env.TENANT_ID,
  clientId: process.env.CLIENT_ID,
  secret: process.env.CLIENT_SECRET,
  oauthServerUrl: process.env.APPID_URL,
  profilesUrl: process.env.APPID_PROFILES_URL,
};

let token = '';

const { TokenManager } = require('ibmcloud-appid');

const tokenManager = new TokenManager(config);

const getAppIdentityToken = async () => {
  tokenManager
    .getApplicationIdentityToken()
    .then((appIdAuthContext) => {
      console.log(` Access tokens from SDK : ${JSON.stringify(appIdAuthContext)}`);
      token = appIdAuthContext.accessToken;
    })
    .then(async () => {
      const data = await userProfileManager.getUserInfo(token);
      console.log(data);
    })
    .catch((err) => {
      console.error(err);
    });
};

exports.getAppIdentityToken = getAppIdentityToken;
ibm-cloud single-sign-on app-id ibm-appid
Original Q&A
2

There are 2 best solutions below

0
data_henrik On

I believe there is some confusion.

  1. AppID is an IBM Cloud service and you can manage the service as a user of IBM Cloud. This requires that you are logged in or have an API key or access token.

  2. Then, AppID is able to manage users and access. For that, there are self-service actions as well as access token for working with an app or other resources.

It seems to me that you generated a token for 2), but performing the user profile access which requires an IAM token.

0
Laura Tebben On

TokenManager is used for Custom Identity or Application Identity flows. Application Identity flows are for app-to-app communication (i.e. client_credentials grant type). Getting the user info is user-to-app communication (e.g. authorization_code grant type) so you need a user's access token. You can get that token from the session, provided that the user is logged in:

accessToken = req.session[WebAppStrategy.AUTH_CONTEXT].accessToken;

See the SDK's README for more details: https://github.com/ibm-cloud-security/appid-serversdk-nodejs#manage-user-profile

What is your use case? You may not need to make this additional request using UserProfileManager. You can find the user info in the identity token, and can add additional information to the token using custom claims mapping https://cloud.ibm.com/docs/appid?topic=appid-customizing-tokens

Related Questions in IBM-CLOUD

Related Questions in SINGLE-SIGN-ON

Related Questions in APP-ID

Related Questions in IBM-APPID

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.