Access OAuth response in a custom policy

Question

According docs, if I need include external idp token in a response, I need this code:

<ClaimsProvider>
  <DisplayName>Facebook</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Facebook-OAUTH">
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
      </OutputClaims>
      ...
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

Are there any explanations about such syntax - PartnerClaimType="{oauth2:access_token}"? What else can I reference except access_token, refresh_token? How "object structure" for oauth2 looks like? Does only oauth2 available, or something else also?

score 1 · Accepted Answer · answered Sep 02 '23 at 20:10

The values you can use are documented in the page about claim resolvers.

For your case, check the section: OAuth2 identity provider. It lists the available options as:

{oauth2:access_token}
{oauth2:token_type}
{oauth2:expires_in}
{oauth2:refresh_token}

Access OAuth response in a custom policy

1 Answers1