Checking Access Credentials within an action | Community
Skip to main content
Urs_Boller
Community Advisor
Urs_BollerCommunity Advisor
Community Advisor
September 17, 2020
Solved

Checking Access Credentials within an action

  • September 17, 2020
  • 2 replies
  • 2019 views

I want to check access credentials within an action of a firefly app. I can see the bearer token in the params, but how can I exctract any information about the user or access credentials? best would be to know what product profiles the user has to make a check against needed permissions. is there any way to retrieve more information about the user to which the bearer token belongs?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by dbenge

You should be able to decode the bearer token and get the following 

{
  "id" : "1600361729831_7c314c691",
  "client_id" : "UDPWeb1",
  "user_id" : "8E5E47DA4706D5D@AdobeID",
  "state" : "{\"session\":\"https://ims-na1.adobelogin.com/ims/session/v1/ZjZmMWE3YTQtmRlLS04RTVFNDdEQTQ3MDZENUQ1OTYmVJRA\"}",
  "type" : "access_token",
  "as" : "ims-na1",
  "fg" : "UY6ROZRAVLPBL37QAP4======",
  "sid" : "1599771421938_-8d32-425e-815d-b734beb48abc_ue1",
  "moi" : "db01",
  "c" : "kg9B1xnV4UpPgkVi/gQ==",
  "expires_in" : "86400000",
  "scope" : "AdobeID,openid,adobeio_api,gnav,read_organizations,additional_info.projectedProductContext,unified_dev_portal,additional_info.roles,read_pc.dma_bullseye,session,adobeio.appregistry.read,adobeio.appregistry.write,sao.creative_cloud,account_cluster.read",
  "created_at" : "1600361729831"
}

The following libs will help you decode.
jwt-decode

njwt

 

The scopes property defines access granted to the token.  

 

There are also IMS apis you can call using the token to get information about the user.  

 

Also, I found this lib https://github.com/adobe/aio-lib-ims

It might help you out. 

 

 

 

2 replies

sarahxxu
Adobe Employee
sarahxxuAdobe Employee
Adobe Employee
September 17, 2020

Hi @urs_boller 

What level of access are you looking for? One way I can think of is to pass in the user profile (like product context) from client side as a param into your action, and have your action check that before executing anything. This way you can further restrict access based on user information. 

 

Sarah

D
Adobe Employee
dbengeAdobe EmployeeAccepted solution
Adobe Employee
September 17, 2020

You should be able to decode the bearer token and get the following 

{
  "id" : "1600361729831_7c314c691",
  "client_id" : "UDPWeb1",
  "user_id" : "8E5E47DA4706D5D@AdobeID",
  "state" : "{\"session\":\"https://ims-na1.adobelogin.com/ims/session/v1/ZjZmMWE3YTQtmRlLS04RTVFNDdEQTQ3MDZENUQ1OTYmVJRA\"}",
  "type" : "access_token",
  "as" : "ims-na1",
  "fg" : "UY6ROZRAVLPBL37QAP4======",
  "sid" : "1599771421938_-8d32-425e-815d-b734beb48abc_ue1",
  "moi" : "db01",
  "c" : "kg9B1xnV4UpPgkVi/gQ==",
  "expires_in" : "86400000",
  "scope" : "AdobeID,openid,adobeio_api,gnav,read_organizations,additional_info.projectedProductContext,unified_dev_portal,additional_info.roles,read_pc.dma_bullseye,session,adobeio.appregistry.read,adobeio.appregistry.write,sao.creative_cloud,account_cluster.read",
  "created_at" : "1600361729831"
}

The following libs will help you decode.
jwt-decode

njwt

 

The scopes property defines access granted to the token.  

 

There are also IMS apis you can call using the token to get information about the user.  

 

Also, I found this lib https://github.com/adobe/aio-lib-ims

It might help you out. 

 

 

 

    Urs_Boller
    Community Advisor
    Urs_BollerCommunity AdvisorAuthor
    Community Advisor
    September 17, 2020
    awesome, exactly what I was looking for! thanks a lot!!!
    Terms & ConditionsAccessibility statement

    Loading footer...