Tutorial: How to Access Token

Access Tokens issued by Organicity Accounts are valid for 5 minutes. They can be used in the backend or in the frontend of the web application. The Access Tokens are not just random tokens: Organicity Accounts returns OpenID Connect Tokens. The OpenID Connect protocol is an extension of OAuth2.

OpenID Connect Tokens + JSON Web Tokens

OpenID Connect Tokens are represented as JSON Web Tokens (JWT). A JWT is represented as a sequence of three Base64URL-encoded parts, separated by dots. An example:

<PART_1>.<PART_2>.<PART_3>

We will focus on <PART_2>, the payload: it contains a set of claims in JSON, as specified by the OpenID Connect specification. Some examples:

Additionally, it contains the roles of the user and some information about the user.

An example:

{
  "jti": "01c68b6a-e3ec-4472-9a80-9f53ba266104",
  "exp": 1475225200,
  ...
  "iss": "https://accounts.organicity.eu/realms/organicity",
  "aud": "example",
  "sub": "cf2c1723-3369-4123-8b32-49abe71c0e57",
  "typ": "Bearer",
  ...
  "realm_access": {
    "roles": [
      "offline_access",
      "experimenter"
    ]
  },
  ...
  "name": "Dennis Boldt",
  "preferred_username": "boldt",
  "given_name": "Dennis",
  "family_name": "Boldt",
  "email": "[email protected]"
}

Your application can decode and verify the JWT and use that information.

Verify Access Tokens

jwt.io

Access Tokens can be verified by using http://jwt.io during development. Check that the JSON attribute preferred_username equals your username: the application then performs actions in the name of that user (e.g., you).

Libraries

If you have to work with the Access Tokens within your code, there are some nice JWT libraries:

To verify the token, you need the public certificate, which is available here.

Organicity APIs

These Access Tokens can be used as a Bearer Token to call the different Organicity APIs, e.g., to push an Asset to the Organicity Experimenter Site. An HTTP header example:

Authorization: Bearer <ACCESS_TOKEN>