Sergey Shafiev

Reputation: 4375

Getting the ID and Access Token values in Oracle Apex app after passing OpenID connect SSO against 3rd party Identity Provider

I use Oracle Apex 24.1.0. Configured app, web credentials and authentication scheme to use custom 3rd party Identity Server. It works as expected, I see the "Access Tokens" and "ID Tokens" counter increment in Workspace Utilities -> Web Credentials -> Create/Edit

Problem: my ID token contains the user's permissions. I need to grab them. Ideally - programmatically, using PL/SQL. I have no idea how to do that or whether it is possible.

I've seen many examples of how people parse tokens using apex_json, but it is not clear how exactly I can grab the token after login. I've seen apex_jwt usage to encode / decode tokens, but I've seen no examples of how to grab tokens after log in. Please post a script fragment if you know how to achieve the goal.

Upvotes: 0

Views: 151

Answers (1)

blitzkopf

Reputation: 61

I was struggling with this for days; eventually I came up with this solution. It looks like you have access to the token data with apex_json.get_clob('id_token') as long as you leave User Info Endpoint URL blank.

procedure post_authenticate_roles is
  l_group_names apex_t_varchar2 := apex_t_varchar2();  -- initialise so push() has a collection to extend
  l_name        varchar2(100);
  l_id_token    clob;
  l_token       apex_jwt.t_token;
begin
  -- the token endpoint response is still parsed in the apex_json context at this point
  l_id_token := trim(apex_json.get_clob('id_token'));

  -- split the compact JWT into header / payload / signature (base64url decoding only)
  l_token := apex_jwt.decode(p_value => l_id_token);

  -- make the claims in the payload addressable via apex_json paths
  apex_json.parse(l_token.payload);

  for i in 1 .. apex_json.get_count(p_path => 'roles') loop
    l_name := apex_json.get_varchar2(p_path => 'roles[%d]', p0 => i);

    if l_name is not null then
      -- append the role name to the group list
      apex_string.push(p_table => l_group_names, p_value => l_name);
    end if;
  end loop;

  -- save group names in session
  apex_authorization.enable_dynamic_groups(p_group_names => l_group_names);
end post_authenticate_roles;

Then you add post_authenticate_roles to Post-Authentication Procedure Name

Upvotes: 0
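A hardened variant of the post-authentication procedure, added here as an example and not part of the answer above: it checks the token's iss, aud, exp and nbf claims with apex_jwt.validate before any role is turned into a dynamic group, so a malformed or stale token fails authentication instead of silently granting nothing or the wrong groups. The issuer URL and client id are placeholders and must be replaced with the values from your identity provider and web credential.

```plsql
-- Added example (not the answer's code). c_expected_iss / c_expected_aud are
-- placeholders: use the issuer of your identity provider and the client id
-- registered for the APEX application.
procedure post_authenticate_roles_checked is
  c_expected_iss constant varchar2(200) := 'https://idp.example.invalid/';  -- placeholder
  c_expected_aud constant varchar2(200) := 'apex-client-id-placeholder';    -- placeholder
  l_id_token     clob;
  l_token        apex_jwt.t_token;
  l_group_names  apex_t_varchar2 := apex_t_varchar2();
  l_name         varchar2(4000);
begin
  -- With the User Info Endpoint URL left blank, the parsed token endpoint
  -- response is still the current apex_json context here.
  l_id_token := trim(apex_json.get_clob('id_token'));
  if l_id_token is null then
    raise_application_error(-20001, 'Token response contains no id_token');
  end if;

  -- decode() only splits and base64url-decodes the token; it proves nothing.
  l_token := apex_jwt.decode(p_value => l_id_token);

  -- validate() raises an error when iss or aud do not match, or when exp/nbf
  -- are outside the allowed window, so the login fails before groups are set.
  -- p_signature_key is omitted: APEX fetched this token itself from the token
  -- endpoint over TLS, and apex_jwt only verifies HMAC signatures anyway.
  apex_jwt.validate(
      p_token          => l_token,
      p_iss            => c_expected_iss,
      p_aud            => c_expected_aud,
      p_leeway_seconds => 30);

  apex_json.parse(l_token.payload);

  -- get_count returns null when the claim is absent, so the loop body simply
  -- never runs and the user ends up with no dynamic groups.
  for i in 1 .. apex_json.get_count(p_path => 'roles') loop
    l_name := apex_json.get_varchar2(p_path => 'roles[%d]', p0 => i);
    if l_name is not null then
      apex_string.push(p_table => l_group_names, p_value => l_name);
    end if;
  end loop;

  apex_authorization.enable_dynamic_groups(p_group_names => l_group_names);
end post_authenticate_roles_checked;
```

The groups become visible to authorization schemes through apex_authorization for the rest of the session, so a role claim removed at the provider only takes effect after the user logs in again.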
