Accessing ID tokens that are sent by OIDC servers
System implementers can use a standardized interface to access the identity data (ID token) that is sent by the OIDC servers for the currently logged-in user.
By using the standardized interface, system implementers can read the ID token of the current user and use this information for further customizations that are done as part of post-authentication implementations.
Custom code can access this interface after login. The interface is defined as follows.
package com.ibm.sterling.afc.auth;
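/**
 * Read-only view of the OIDC ID token for the currently logged-in user.
 *
 * <p>Both accessors return identity data about the user. Treat the returned
 * strings as sensitive: keep them out of logs, error messages and URLs.
 *
 * <p>NOTE(review): this interface does not state whether the token's signature,
 * issuer, audience and expiry have already been verified by the platform.
 * Confirm that before basing any authorization decision on the claims.
 */
public interface OidcIdToken {

    /**
     * Returns the raw ID token as a JWT string.
     *
     * @return the raw ID token JWT
     */
    public String getIdToken();

    /**
     * Returns the claims of the ID token in the form of a JSON string.
     *
     * @return the claims as JSON
     */
    public String getClaims();
}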
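For example, you can use the following code snippet in your IYFSPostAuthentication interface implementation to call the OidcIdToken interface after the login is done. This code can be used to read and print the idtoken and claims and use this information in any of your post-authentication implementations. Because the idtoken and claims carry identity data about the logged-in user, printing them is suitable for demonstration only; do not write them to logs in a production implementation.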
package org.yourorg.oidc;
import javax.servlet.http.HttpServletRequest;
import com.ibm.sterling.afc.auth.OidcIdToken;
import com.yantra.yfc.util.YFCCommon;
import com.yantra.yfc.util.YFCConfigurator;
import com.yantra.yfs.ui.backend.IYFSPostAuthentication;
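/**
 * Sample post-authentication hook that reads the OIDC ID token and its claims
 * for the logged-in user through the {@link OidcIdToken} interface.
 *
 * <p>The implementation class is named by configuration
 * ({@code yfs.ibmid.provisioner.<name>.class}) and loaded reflectively, so the
 * class is checked against {@link OidcIdToken} before any instance is created.
 */
public class DummyTokenAuth implements IYFSPostAuthentication {

    /** Creates the hook; it holds no state. */
    public DummyTokenAuth() {
    }

    /**
     * Empty entry point kept from the original sample; it does nothing.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
    }

    /**
     * Reads the ID token and claims when the OIDC feature is enabled and a
     * provisioner class is configured.
     *
     * @param arg0 the login request; not used by this sample
     * @return {@code true} in every case, including when the token cannot be read
     */
    @Override
    public boolean doPostAuthentication(HttpServletRequest arg0) {
        String sIbmIdEnabled = YFCConfigurator.getInstance().getProperty("yfs.ibmid.authentication.enabled");
        if (!isEnabled(sIbmIdEnabled)) {
            return true;
        }

        String sProvisionerName = YFCConfigurator.getInstance().getProperty("yfs.ibmid.provisioner.name");
        if (YFCCommon.isVoid(sProvisionerName)) {
            // Without a name the class property key cannot be built; nothing to read.
            return true;
        }

        String sProvisionerClassName = YFCConfigurator.getInstance()
                .getProperty("yfs.ibmid.provisioner." + sProvisionerName + ".class");
        if (YFCCommon.isVoid(sProvisionerClassName)) {
            return true;
        }

        try {
            // asSubclass rejects a configured class that is not an OidcIdToken
            // BEFORE its constructor runs; a cast after newInstance() would
            // only fail once the unexpected class had already been instantiated.
            OidcIdToken token = Class.forName(sProvisionerClassName)
                    .asSubclass(OidcIdToken.class)
                    .getDeclaredConstructor()
                    .newInstance();
            String jwt = token.getIdToken();
            String claims = token.getClaims();

            // DEMONSTRATION ONLY: the raw ID token and the claims are identity
            // data for the logged-in user. Remove these prints (or replace them
            // with logging of non-sensitive fields) before deploying this hook.
            System.out.println("jwt: " + jwt);
            System.out.println("claims: " + claims);
        } catch (ReflectiveOperationException | RuntimeException ex) {
            // Report the failure instead of swallowing it. Only the exception
            // type is printed so that no token content can reach the output.
            System.err.println("Unable to read OIDC ID token: " + ex.getClass().getName());
            // NOTE(review): the sample still reports success below; decide
            // whether a failure here should fail post-authentication instead.
        }
        return true;
    }

    /** Returns whether the property value is one of y, yes, t or true (any case). */
    private static boolean isEnabled(String value) {
        return !YFCCommon.isVoid(value)
                && ("y".equalsIgnoreCase(value)
                        || "yes".equalsIgnoreCase(value)
                        || "t".equalsIgnoreCase(value)
                        || "true".equalsIgnoreCase(value));
    }
}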