Checking Access Credentials within an action

Avatar

Avatar

ursboller

MVP

Avatar

ursboller

MVP

ursboller
MVP

17-09-2020

I want to check access credentials within an action of a firefly app. I can see the bearer token in the params, but how can I exctract any information about the user or access credentials? best would be to know what product profiles the user has to make a check against needed permissions. is there any way to retrieve more information about the user to which the bearer token belongs?

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

dr_venture

Employee

Avatar

dr_venture

Employee

dr_venture
Employee

17-09-2020

You should be able to decode the bearer token and get the following 

{
  "id" : "1600361729831_7c314c691",
  "client_id" : "UDPWeb1",
  "user_id" : "8E5E47DA4706D5D@AdobeID",
  "state" : "{\"session\":\"https://ims-na1.adobelogin.com/ims/session/v1/ZjZmMWE3YTQtmRlLS04RTVFNDdEQTQ3MDZENUQ1OTYmVJRA\"}",
  "type" : "access_token",
  "as" : "ims-na1",
  "fg" : "UY6ROZRAVLPBL37QAP4======",
  "sid" : "1599771421938_-8d32-425e-815d-b734beb48abc_ue1",
  "moi" : "db01",
  "c" : "kg9B1xnV4UpPgkVi/gQ==",
  "expires_in" : "86400000",
  "scope" : "AdobeID,openid,adobeio_api,gnav,read_organizations,additional_info.projectedProductContext,unified_dev_portal,additional_info.roles,read_pc.dma_bullseye,session,adobeio.appregistry.read,adobeio.appregistry.write,sao.creative_cloud,account_cluster.read",
  "created_at" : "1600361729831"
}

The following libs will help you decode.
jwt-decode

njwt

 

The scopes property defines access granted to the token.  

 

There are also IMS apis you can call using the token to get information about the user.  

 

Also, I found this lib https://github.com/adobe/aio-lib-ims

It might help you out. 

 

 

 

Answers (1)

Answers (1)

Avatar

Avatar

SarahXu

Avatar

SarahXu

SarahXu

17-09-2020

Hi @ursboller 

What level of access are you looking for? One way I can think of is to pass in the user profile (like product context) from client side as a param into your action, and have your action check that before executing anything. This way you can further restrict access based on user information. 

 

Sarah