How to obtain access token from OpenID registration
-
Hi, I have implemented auth using an OpenID identity provider (in my case, GitHub). Unfortunately, the user registrations associated with this Identity provide only the refresh token. In this case, every time I want to obtain a user access token for the GitHub API, I am forced to execute 3 additional requests (fetch user registration, generate new set of tokens including access token using GitHub's access_token endpoint, send an updated refresh token to FusionAuth). Is there any simpler and more performant method for obtaining access tokens from OpenID providers?
-
Hi @mdobron17,
Thanks for writing in! For what it's worth, the way you are approaching it now is a great way to do it. When you log in to GitHub with an OIDC IdP, we store away the refresh token, and don't auto-refresh the GH JWT. That is up to you, as the developer.
It's worth mentioning that even if we built functionality to store the Refresh Token and the Access Token, the JWT Access Token eventually expires and needs to be refreshed, which would put the burden back on you to refresh the token.
You're free to open a GH issue to suggest we expand how we handle tokens from 3rd party IdPs, if you'd like. You can do so here.
If you'd like a little more of a deep dive into configuring OIDC with GitHub, we have a post on that here.
Hopefully this helps. Please let me know if you have any more questions!
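One way to keep the three-request refresh off the hot path is to cache the upstream access token until shortly before it expires. This is an added example, not code from the thread or from FusionAuth: `load_refresh`, `exchange` and `store_refresh` are hypothetical callables standing in for the three requests described in the question, and the token values in `demo()` are constructed.

```python
import threading
import time
from dataclasses import dataclass

@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    expires_in: int  # lifetime in seconds, as reported by the provider

class UpstreamTokenCache:
    """Serves cached access tokens; runs the refresh sequence only on expiry."""
    def __init__(self, load_refresh, exchange, store_refresh,
                 clock=time.monotonic, skew=60):
        self._load = load_refresh    # hypothetical: user_id -> stored refresh token
        self._exchange = exchange    # hypothetical: refresh token -> TokenSet
        self._store = store_refresh  # hypothetical: persist rotated refresh token
        self._clock, self._skew = clock, skew
        self._cache = {}             # user_id -> (access_token, expiry time)
        self._locks, self._guard = {}, threading.Lock()

    def get(self, user_id):
        with self._guard:
            lock = self._locks.setdefault(user_id, threading.Lock())
        # One refresh per user at a time: a rotated refresh token must not be
        # presented twice by concurrent requests.
        with lock:
            hit = self._cache.get(user_id)
            if hit and hit[1] > self._clock():
                return hit[0]
            tokens = self._exchange(self._load(user_id))
            # Persist the new refresh token before handing out the access token,
            # so a crash here cannot leave only the already-used one on record.
            self._store(user_id, tokens.refresh_token)
            expiry = self._clock() + tokens.expires_in - self._skew
            self._cache[user_id] = (tokens.access_token, expiry)
            return tokens.access_token

def demo():
    stored, calls, now = {"u1": "rt-0"}, [], [0.0]  # constructed sample state
    def exchange(refresh_token):
        calls.append(refresh_token)
        n = len(calls)
        return TokenSet(f"at-{n}", f"rt-{n}", 3600)
    cache = UpstreamTokenCache(stored.__getitem__, exchange,
                               stored.__setitem__, clock=lambda: now[0])
    first, second = cache.get("u1"), cache.get("u1")  # second is a cache hit
    now[0] = 3600                                     # past expiry minus skew
    third = cache.get("u1")
    return first, second, third, calls, stored["u1"]
```

The cache holds access tokens in process memory only; the refresh token remains in the registration as the single long-lived credential.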