How to get an access token in JWT format?

[manu-remsense]

Hi,

I'm trying to get an access token from Apache server that acts as a Resource, and I want to use that access token on an API that I created with express.js. The api will check for a valid access token which is suppose to be in JWT format, and the code for doing that is based on the sample from "https://github.com/Azure-Samples/microsoft-identity-express/blob/dev/src/crypto/TokenValidator.ts"

I've configured the httpd.conf file with the following parameters,

OIDCCryptoPassphrase "xxx"
OIDCPublicKeyFiles "/home/bitnami/cert.pem"
OIDCPrivateKeyFiles "/home/bitnami/key.pem"
OIDCClientID "xxx"
OIDCProviderMetadataURL "https://login.microsoftonline.com/xxx/.well-known/openid-configuration"
OIDCRedirectURI "https://example.com/redirect_uri"
OIDCProviderTokenEndpointAuth private_key_jwt
OIDCScope "profile openid offline_access"
OIDCInfoHook access_token id_token userinfo

The Apache server runs fine, I'm able to see the encoded id_token in JWT format in the debug log. However, when I request for the access_token from the info hook I get an access token in the "opaque" format, however I need it in JWT. I've been trying to figure out how to solve this problem for some time now, perhaps I'm a little bit out of depth on this topic, any help would be appreciated!

Thanks,

[zandbelt]

the access token is not created by the module, it is created by the OpenID Connect Provider, in your case Azure AD; you'll have to configure Azure AD to issue a JWT instead of an opaque access token; alternatively you can try to find an API that Azure AD provides to validate an (opaque) access token (not sure if it does)

in summary, these are Azure AD questions rather than mod_auth_openidc's

[manu-remsense]

Thanks for a quick response, I was focusing my attention on the wrong area it seems, definitely need to get my head around OpenID better.

The module works really well and thanks for pointing me in the right direction,

Kind Regards,
Manu