I have got a token key which contains the logged-in person's email address as well as the name and other endpoints. This was actually used in a Xero API connection.
scope = 'offline_access accounting.reports.read accounting.settings.read openid profile email'
I need to decode this token key and get the logged in email address and the name of the person who is logged in.
For example, my token key is as below.
b9b73c12b40a3bc1441f5bda331c4d7c64c0394956d5105eec61a71de19f8153
How can I decode this opaque access token and get the relevant information using Python?
Answer
Clients should never decode access tokens directly, as jps says. You have these options:
READ USER FIELDS FROM ID TOKEN
The UI reads this JWT directly. An id token always has JWT format and is designed to be read by clients.
USE USER INFO ENDPOINT
The UI can send the access token to the User Info endpoint, using the message from step 24 of the above blog post.
GET USER INFO FROM API
This tends to be the most extensible option, since you can return any info you want, and you are not limited to what is contained in access tokens.
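Added example (not part of the original answer, and not Xero's code): the first option in Python, contrasting the question's opaque access token with an ID token whose claims are read only after the signature, audience and expiry are checked. The key, client id, claims and the HS256 algorithm are constructed assumptions that keep the sample standard-library only; use the algorithm and keys your provider actually publishes.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def looks_like_jwt(token):
    """True only for three dot-separated parts whose first part is a JSON object."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        return isinstance(json.loads(b64url_decode(parts[0])), dict)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False

def sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def read_id_token(id_token, key, audience, now=None):
    """Verify signature, audience and expiry, then return the claims."""
    if not looks_like_jwt(id_token):
        raise ValueError("not a JWT: an opaque token carries no readable claims")
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = sign(key, header_b64 + "." + payload_b64)
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature check failed")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("aud") != audience:
        raise ValueError("token was issued to a different client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token has expired")
    return claims

def make_sample_id_token(key, claims):
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(sign(key, head + '.' + body))}"

# Constructed sample values (assumptions, not real credentials).
KEY = b"constructed-demo-key"
CLAIMS = {"email": "user@example.com", "name": "Sample User",
          "aud": "example-client-id", "exp": 2000000000}
ID_TOKEN = make_sample_id_token(KEY, CLAIMS)
OPAQUE = "b9b73c12b40a3bc1441f5bda331c4d7c64c0394956d5105eec61a71de19f8153"  # from the question
```

`read_id_token(ID_TOKEN, KEY, "example-client-id")` returns the claims, while passing `OPAQUE` raises `ValueError` because a 64-character hex string has no header or payload to parse.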