PHPFixing

Friday, August 5, 2022

[FIXED] How can I see SSO (OpenID/OAuth) authorization token from the client side?

Tags: oauth, openid, single-sign-on

Issue

I know how to view a SAML request/response from the HTTP requests in the browser, which I frequently do to troubleshoot SSO configurations (such as viewing the actual claims sent in the assertion).

Is there a way to see the JWT sent during SSO using OAuth/OIDC?

Asking this from the side of the IdP administrator, not as a developer/relying party administrator, and preferably without any browser extensions.


Solution

By default the identity token is delivered in the backchannel using what is called an Authorization Code flow. There's no easy way to get it into the browser. However:

a) if you have access to the Client ID and Client Secret, you may compose a Postman call that exchanges the authorization code for an identity token by hand; see "How can Postman get the OAuth 2.0 auth token in the authorization code flow?".

b) if you're able to change the so-called "grant type" that the Client uses, you can use the Implicit grant type that will exchange tokens in the front channel, thus accessible from a browser; you should note that this grant type is deprecated.



Answered By - Hans Z.
Answer Checked By - Marie Seifert (PHPFixing Admin)
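
The back-channel exchange from option (a), followed by reading the claims out of the returned ID token, as an added Python example that is not part of the original answer. The endpoint, client credentials, code and token response are constructed placeholders, client authentication is assumed to be HTTP Basic (`client_secret_basic`), and the decode is for inspection only: it does not verify the signature.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode


def build_token_request(token_endpoint, client_id, client_secret, code, redirect_uri):
    """Build (not send) the token request of RFC 6749 section 4.1.3."""
    # Assumption: the client authenticates with HTTP Basic; id and secret are
    # form-encoded before base64, as RFC 6749 section 2.3.1 requires.
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return {
        "url": token_endpoint,
        "headers": {
            "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({"grant_type": "authorization_code", "code": code,
                           "redirect_uri": redirect_uri}),
    }


def b64url_json(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def decode_id_token(token_response_json):
    """Return (header, claims) of the id_token. No signature verification."""
    parts = json.loads(token_response_json)["id_token"].split(".")
    if len(parts) != 3:
        raise ValueError("expected a signed JWT with three dot-separated segments")
    return b64url_json(parts[0]), b64url_json(parts[1])


def seg(obj):
    """Encode a dict as an unpadded base64url segment (builds the sample only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed token response, shaped like what the token endpoint returns.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed-access-token", "token_type": "Bearer",
    "id_token": ".".join([seg({"alg": "RS256", "kid": "example-key"}),
                          seg({"iss": "https://idp.example", "sub": "alice",
                               "aud": "example-client"}),
                          "c2lnbmF0dXJl"]),  # placeholder signature segment
})

if __name__ == "__main__":
    print(build_token_request("https://idp.example/token", "example-client",
                              "s3cret", "abc123", "https://app.example/callback"))
    print(decode_id_token(SAMPLE_RESPONSE))
```

The authorization code itself is visible in the browser as the `code` query parameter on the redirect back to the client, and it is normally single-use and short-lived, so the exchange has to happen before the client redeems it.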