Message Boards

Liferay 7.4 GA3 OpenId Connect with Google: access_token and refresh_token

Jonás R.B, modified 2 Years ago.

Liferay 7.4 GA3 OpenId Connect with Google: access_token and refresh_token

New Member Post: 1 Join Date: 9/1/21 Recent Posts


Hello.
I want to integrate my Liferay Portal with google users accounts.
I've been able to configure Liferay with OpenID using Google .
All is ok  and any google user from my company can login in Liferay with his google account.

Problem is when a want/need to get the tokens generate by Google in the authentication procees.
I want to get the access_token to call Google APIs and then i need a refresh_token to generate new token after access_token expiration.

I did not found any thing related to this in the documentation , forums, ..etc but finally i've been able to get the access_token ( I'ved to search in Liferay source code looking at openid implementation).

To get the access_token i've created a test servlet component and have used a reference to the OpenIdConnectSessionProvider osgi component. This component has the getAccessTokenValue() method that returns the access_token. It extracts the token from the http session.

Sample code:

  ...
 
  @Reference
  private OpenIdConnectSessionProvider _openIdConnectSessionProvider;

  ...

  public String _getToken(HttpServletRequest req) throws ServletException, IOException {
 
    String token=null;
    try {
            
            HttpServletRequest httpRequest = PortalUtil.getOriginalServletRequest(req);
            HttpSession httpSession = httpRequest.getSession(false);
            
            if (httpSession != null) {
                
                // Print session
                printSession(httpSession);
                
                OpenIdConnectSession session_oid = _openIdConnectSessionProvider.getOpenIdConnectSession(httpSession);
                
        
                if (session_oid!=null) {
                    token = session_oid.getAccessTokenValue();
                    System.out.println("openid_session_id -> " + token);
                    }
            }
    }
    ...
    return token
  }
 
 
This access_token expires in an hour, so i want the refresh_token  to generate new valid tokens.

The OpenIdConnectSessionProvider component has a getRefreshTokenValue(), but it throws a Null Exception.

It seems that the source code has methods to refresh tokens but that the openid connector does not get the
refresh token when doing the connection to Google .

Maybe a solution could be to use the access_type parameter with a "offline" value when authenticating with Google.
(https://developers.google.com/identity/protocols/oauth2/web-server#creatingclient)
I try to overwrite the osgi OpenIdConnectServiceHandler but no look for now.

Any idea to get a access_token in other ways?
Any idea to get the  refresh_token from Google?


Thank you in advance.