User_id from login widget and session token response

I need help. I have a client who wants to use the login widget. It returns a sessiontoken, and I am redirecting to a custom dashboard (landing page). I need the user id of the currently logged-in user. I am using Python 3.6.

What do I do, simply? The OAuth suggestion I’ve read before just introduces a whole other level of complexity and values I don’t have. This HAS to be documented somewhere, it should be pretty standard.

Again, the user logs in to the sign-in widget, which redirects to the landing page. On the landing page, I only have the sessiontoken passed in the URL from the login widget. I think I need the simplest way to get the user_id of the logged-in user.

Thanks!

1 Like

Your best bet when working with a server-side language is probably an OIDC or OAuth 2.0 Authorization Code Flow. You should be able to grab a Python lib, like pyoidc or oidcrp. Those libraries should expose the details you are looking for, and handle all of the complexity as well.

Thanks!! I am trying to avoid adding all that additional complexity, which defeats the purpose of the sign-in widget. There has to be some API call where I can use the sessiontoken, and call an API and get back the user who is currently logged in using that session. That’s what I’m looking for, instead of a whole other way to rewrite everything and get another whole set of values and add libraries, etc., which I don’t have, the customer doesn’t have, etc.

How do you go from a sign in widget to having the user who just signed in?

Thanks!

Hey @rhfleming,

I wouldn’t say it defeats the purpose. Though I can understand your frustration. Today’s security protocols are much more complex than the days of the simple username/password auth. For a nice OAuth primer you can take a look at this post: What the Heck is OAuth

Getting back to your question, you mentioned your application was written in Python? Are you customizing the widget, or are you using it out of the box? Can you describe in a bit more detail how you are using the widget? And how your backend will use the user’s info? Maybe we can suggest another secure option?

Thanks for the reply!

Using the widget vanilla… and redirecting to a “custom” dashboard, which is essentially a dashboard where I pull over the apps of the user (who just logged in) from Okta using the apps API, then I display the chiclets with the links to each app. The issue was they wanted different sized chiclets than Okta allowed in the current dashboard (portrait, etc.)… they are hosting and in control of the server and environment (AWS, Linux machine). So I just created two pages, the widget, with their logo and a redirect, and the “dashboard.py” file, which gets the apps and creates an HTML page. They also want a page where the user can update their profile information, for which I could use the user profile API.

The only solution I can think of is to store the user email in a cookie and if they’re authenticated then use the email address in a cookie to get the user id and then their apps and profile.

It just seems like this would be a common use case where, once you login with the widget, something should be able to tell you WHO just logged in?

Thanks for your help!

Storing a username in a cookie could bypass security checks. Your backend service would need to validate the user’s session.

While I still strongly recommend taking another look at an OAuth option, another option might be the sessions API: https://developer.okta.com/docs/api/resources/sessions#create-session-with-session-token.
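The server-side exchange suggested above, sketched as an added example (not code from the thread or from Okta): the backend posts the one-time sessionToken to `/api/v1/sessions` and reads `userId` from the session object it gets back, rather than trusting a client-supplied identity. The function names, the injectable `send` transport and the optional SSWS API token are assumptions; check the linked Sessions API documentation for what your org requires on this call.

```python
import json
import urllib.error
import urllib.request


def build_session_request(org_url, session_token, api_token=None):
    """Build the POST /api/v1/sessions request for a one-time sessionToken."""
    if not org_url.startswith("https://"):
        raise ValueError("Okta org URL must use https")
    if not isinstance(session_token, str) or not session_token:
        raise ValueError("missing sessionToken")
    headers = {"Accept": "application/json", "Content-Type": "application/json"}
    if api_token:
        # Assumption: the org expects an SSWS API token here. Keep it on the
        # server only; never place it in the widget page or in a cookie.
        headers["Authorization"] = "SSWS " + api_token
    body = json.dumps({"sessionToken": session_token}).encode("utf-8")
    url = org_url.rstrip("/") + "/api/v1/sessions"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def user_id_from_session(session):
    """Return userId from a session object, refusing anything not ACTIVE."""
    if session.get("status") != "ACTIVE" or not session.get("userId"):
        raise PermissionError("no active Okta session for this token")
    return session["userId"]


def send_request(req):
    """Default transport: perform the HTTPS call and decode the JSON body."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        # A 401 here means the token was rejected, expired or already used.
        raise PermissionError("session exchange failed: HTTP %d" % exc.code)


def resolve_user_id(org_url, session_token, api_token=None, send=send_request):
    """Trade the sessionToken from the redirect URL for a verified user id."""
    req = build_session_request(org_url, session_token, api_token)
    return user_id_from_session(send(req))
```

The sessionToken is single-use, so the dashboard should perform this exchange once on landing and then keep the resulting identity in its own server-side session.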

I agree… the cookie thing is not a good idea. I saw the sessions API and thought that was the deal because it looks like I pass the session token in and get back the user id, then I’m off to the races, but I kept getting a 401 or some error, I forgot… I will try that again. Thank you very much for your time, advice and guidance.

I resolved this one by just getting the userid from the response in the login widget. Okta support sent me an example where the userid is also passed back in the widget.

Thanks!

Hi, this is exactly what I need. Would you please share the code with me?
I need to get the userid from the login widget.

Thanks in advance
