Logged in via widget, /me session in PHP not current logged in user

When I log in with the widget and then run the curl command via PHP to “https://${yourOktaDomain}/api/v1/users/me”, I expect to get the logged-in user's data; instead I am getting a generic account user (assuming it’s the user linked to the API token).

Is there a way to get the logged-in user's information without waiting on the widget to return it via JavaScript (which waits until the page is loaded)?

Currently I am making an AJAX call to another page AFTER the page fully loads to set the user session, but that requires another refresh after the session is set.

Hi @Kender

You can do a cURL request from php using the user’s ID, short name or full username and retrieve his profile information.

I understand that, but I am trying to fetch the logged in user, not knowing those yet, once I have them I can get that information with those calls, yes, and when I get it for the first time I put that information into my _SESSION variable. But the first time I need to get his information, I need to wait until the JS function runs, which is after the page is fully loaded, so a delay.

Nobody can assist with a faster way of getting the “logged in user” than using the JavaScript code when logging in via the JavaScript widget? A PHP solution that could fire as the page loads, instead of waiting on the JavaScript to run, would be much better.

Hi @Kender

Without a bridge between the front-end and back-end channels in your application, PHP will not be able to know that a user logged in through the sign-in widget.

This bridge can consist of one of the following:

  • AJAX call to grab the username from /api/v1/username/me from the browser or local storage and send it to the back-end in a query parameter
  • define processCreds to grab the username before it’s sent to /api/v1/authn (this requires a check on the back-end that the user actually logged in by checking System Logs, note that a race condition might apply here if implemented incorrectly)

I am currently using an AJAX call on page load. I tried running the AJAX call every 10 seconds, but it ended up logging me out (possibly wouldn’t if I pushed it to a minute? Does the system think I am spamming it?). I wasn't actually running the OktaSignIn function with my timer.

I was hoping I could run the /me/ using php, but it returns generic values. Is there anything I can do in PHP using the $_COOKIE that is set by Okta and the Okta API?

Hi @Kender

What cookies are you able to see through $_COOKIE which are set by Okta?

@dragos

This is what I can see with the PHP $_COOKIE variable

[okta-oauth-nonce] => hf0kGcWzaHWhFfUj27H4ld672BwXDTzxyQsbHOxyAExulCAE5dWDM84xK4UVrw8x
[okta-oauth-redirect-params] => {\"responseType\":[\"token\",\"id_token\"],\"state\":\"8EexEICIyHMiQtp2rfCK1cZ6OYWdjrqFAZP0OHKzHHttJr6znL0qIe68kRawlAqW\",\"nonce\":\"hf0kGcWzaHWhFfUj27H4ld672BwXDTzxyQsbHOxyAExulCAE5dWDM84xK4UVrw8x\",\"scopes\":[\"openid\",\"email\"],\"urls\":{\"issuer\":\"https://okta-domain.oktapreview.com/oauth2/default\",\"authorizeUrl\":\"https://okta-domain.oktapreview.com/oauth2/default/v1/authorize\",\"userinfoUrl\":\"https://okta-domain.oktapreview.com/oauth2/default/v1/userinfo\"}}
[okta-oauth-state] => 8EexEICIyHMiQtp2rfCK1cZ6OYWdjrqFAZP0OHKzHHttJr6znL0qIe68kRawlAqW

Thanks for your replies.
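One way to build the front-end to back-end bridge discussed in this thread, as an added example that is not code from the thread or from Okta: the browser posts the access token the widget obtained (the redirect params above request `token` and `id_token`) to a PHP endpoint, which asks the `userinfoUrl` from the same cookie whose token it is, rather than trusting a username passed in a query parameter. The `access_token` field name, the function names and the endpoint behaviour are assumptions, and the response used in the CLI branch is constructed.

```php
<?php
// Added example. Assumption: page JavaScript POSTs the widget's access token in "access_token".
// userinfoUrl as shown in the okta-oauth-redirect-params cookie above.
const USERINFO_URL = 'https://okta-domain.oktapreview.com/oauth2/default/v1/userinfo';

// Ask Okta which user the token belongs to. Returns [httpStatus, body].
function fetch_userinfo(string $token): array
{
    $ch = curl_init(USERINFO_URL);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_HTTPHEADER     => ["Authorization: Bearer $token", 'Accept: application/json'],
    ]);
    $body = (string) curl_exec($ch); // false on transport failure becomes ''
    return [(int) curl_getinfo($ch, CURLINFO_HTTP_CODE), $body];
}

// Accept only a 200 response that carries a subject; anything else means "not logged in".
function claims_from_userinfo(int $status, string $body): ?array
{
    $claims = $status === 200 ? json_decode($body, true) : null;
    if (!is_array($claims) || empty($claims['sub'])) return null;
    return ['sub' => (string) $claims['sub'], 'email' => $claims['email'] ?? null];
}

// Resolve a browser-supplied token to claims; $fetch can be swapped for offline runs.
function resolve_user(string $token, ?callable $fetch = null): ?array
{
    // JWT alphabet only: rejects empty input and CR/LF that would inject headers.
    if (!preg_match('/\A[A-Za-z0-9._-]{20,8192}\z/', $token)) return null;
    return claims_from_userinfo(...($fetch ?? 'fetch_userinfo')($token));
}

if (PHP_SAPI === 'cli') {
    // Constructed response standing in for Okta, so this branch runs offline.
    $fake = fn(string $t): array => [200, '{"sub":"00uEXAMPLE","email":"user@example.com"}'];
    var_dump(resolve_user(str_repeat('a', 40), $fake)); // well-formed token
    var_dump(resolve_user("bad\r\ntoken", $fake));      // token containing CR/LF
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $token = $_POST['access_token'] ?? '';
    $user  = resolve_user(is_string($token) ? $token : '');
    if ($user !== null) {
        session_start();
        session_regenerate_id(true); // fresh session ID once the identity is known
        $_SESSION['okta_user'] = $user;
    }
    http_response_code($user !== null ? 204 : 401);
}
```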