HTTP Oauth2 and id-token from the main Connection

Hi everyone… first post here and ive scoured and scoured the community for the answer to this so im hoping it is simple and im missing something.

With my new ‘Connection’ within an HTTP Oauth2 module, I am connecting correctly to all the end points and it seems to validate no problem.

However, the authorization ‘Connection’ is supposed to generate an ‘id-token’ as a response once I have logged into a pop up form generated via the initial HTTP call.

This ‘id-token’ response from the /token connection in the same module is required alongside my x-api-key each time i make a call to the actual API for data (not the authorization part that comes before).

But i can’t see anywhere that id-token can be referenced from the Connection in the same Oauth2 module (as i believe it automatically does this in the background in one module).

Can anyone help me understand this module or how to pull out the response data in the background of the Oauth2 HTTP module?

Secondly, to workaround this issue i tried building a more manual Oauth1/2 process using multiple HTTP modules but I cannot get the HTTP module to launch a popup browser window for me to login (like the OAuth2 one does) and only correctly downloads the actual code rather than display the page…what am i missing?

Thank you greatfully!

I think you’ll need to contact support for this one.

For quicker assistance with technical problems, you may want to contact support directly. They respond very quickly and update you frequently on the status of their investigation.

Hope you can share the resolution with us if you manage to solve this problem!

Hey @stevenjamespro - welcome to the Community!

If my understanding is correct, when you’re talking about the id-token you’re meaning the Access Token. With a Oauth 2.0 authorization an Access Token needs to be sent with every HTTP request.

The good news is - the HTTP Make an OAuth 2.0 request module handles all that for you in the background! Once the Connection has been established, you don’t need to manually cite the Access Token, or handle any token refresh issues.

If you need to send any additional headers (like the x-api-key header you mentioned) you can include these in the Headers section of the module.

2 Likes

Hi David, really appreciate your input here.
Please take a look at this api guide below:

https://api.vincere.io/#overview

Scroll down to the - Calling the Vincere APIv2 section.

It does require the passing of the ‘id-token’ specifically not the access_token you are referring to. As this id-token is generated and passed back upon authorization.

Now, I have done this using Bubble.io with a test app i created, but i cant seem to workout how to capture that using the Oauth2 module alone.

I have tried manually to rebuild a simple Oauth flow within the scenario but i cant seem to get the HTTP module to display or open a pop up window to log in initially…can you let me know how that works?

1 Like

Yes, it looks like the two tokens mentioned here are different ones. The access_token is used for setting up and authenticating the OAuth connection, and the id-token is a “proprietary” secondary verification token so that any leakage of the access_token will not compromise the security of the account.

I don’t think you can intercept/extract the response from the connection set-up, so this seems to require a feature request or support request.

You can submit this suggestion to the Idea exchange, under App improvement ideas. Don’t forget to search for it first, just in case someone already suggested it!

For quicker assistance with technical problems like these, you may want to contact support directly. They respond very quickly and update you frequently on the status of their investigation.

Hope you can share the resolution with us if you manage to solve this problem!

2 Likes

will do Samlie, thats exactly what I was thinking and have started building a seperate manual ‘App’ with my own connection/oauth2 module in Make. See how it goes.

Yep, it looks like a variant of OAuth 2.0. That can’t be handled in the HTTP app.

You would need to create your own Custom App to do this.

2 Likes