Message Boards
Liferay 7.4 GA3 OpenId Connect with Google: access_token and refresh_token
Liferay 7.4 GA3 OpenId Connect with Google: access_token and refresh_token
New Member Post: 1 Join Date: 9/1/21 Recent Posts
Hello.
I want to integrate my Liferay Portal with google
users accounts.
I've been able to configure Liferay with OpenID
using Google .
All is ok and any google user from my company
can login in Liferay with his google account.
Problem is when a want/need to get the tokens generate by Google in
the authentication procees.
I want to get the access_token to
call Google APIs and then i need a refresh_token to generate new token
after access_token expiration.
I did not found any thing related to this in the documentation , forums, ..etc but finally i've been able to get the access_token ( I'ved to search in Liferay source code looking at openid implementation).
To get the access_token i've created a test servlet component and have used a reference to the OpenIdConnectSessionProvider osgi component. This component has the getAccessTokenValue() method that returns the access_token. It extracts the token from the http session.
Sample code:
...
@Reference
private
OpenIdConnectSessionProvider _openIdConnectSessionProvider;
...
public String _getToken(HttpServletRequest req) throws
ServletException, IOException {
String
token=null;
try {
HttpServletRequest httpRequest =
PortalUtil.getOriginalServletRequest(req);
HttpSession httpSession = httpRequest.getSession(false);
if (httpSession != null) {
// Print session
printSession(httpSession);
OpenIdConnectSession session_oid =
_openIdConnectSessionProvider.getOpenIdConnectSession(httpSession);
if
(session_oid!=null) {
token =
session_oid.getAccessTokenValue();
System.out.println("openid_session_id -> " +
token);
}
}
}
...
return token
}
This access_token expires in an hour, so i want the
refresh_token to generate new valid tokens.
The OpenIdConnectSessionProvider component has a getRefreshTokenValue(), but it throws a Null Exception.
It seems that the source code has methods to refresh tokens but that
the openid connector does not get the
refresh token when doing
the connection to Google .
Maybe a solution could be to use the access_type parameter with a
"offline" value when authenticating with Google.
(https://developers.google.com/identity/protocols/oauth2/web-server#creatingclient)
I try to overwrite the osgi OpenIdConnectServiceHandler but no look
for now.
Any idea to get a access_token in other ways?
Any idea to get
the refresh_token from Google?
Thank you in advance.