Possible to get user's token by user id?

l2aelba · February 7, 2023, 9:21am

Just a quick question.

Does it possible to get the user’s token by user id ?

Thanks.

Sebastian · February 7, 2023, 9:22am

You mean the access token? No.

l2aelba · February 7, 2023, 9:25am

Ok thanks so much, I will find what I can do.

Because I want just to keeping tracks who doing what

Sebastian · February 7, 2023, 10:15am

You can have a look to the history endpoint:

l2aelba · February 7, 2023, 11:02am

Thanks, but I see just [GET]

Sebastian · February 7, 2023, 11:05am

You have not mentioned that you also wanna do something. This is just a list of events and changes in your app.

l2aelba · February 7, 2023, 11:07am

Yeah, but the important part is who did it.

Example

Create a new client (access token)
All admins (outside the Squidex) using the same client/token.

Sebastian · February 7, 2023, 11:11am

I don’t understand. The endpoint has an “actor” property to answer the “who” question.

l2aelba · February 7, 2023, 11:13am

Oh, can you explain about “actor” please or link to doc ?

Sebastian · February 7, 2023, 11:14am

Actor is either a client

client:clientID
e.g.
client:my-app:my-client

or a user

subject:userID

e.g.
subject:123123123123123

l2aelba · February 7, 2023, 11:15am

Ohhhhhhh, we can do like this!

thanks so much. I will take a look more.

l2aelba · February 7, 2023, 1:00pm

Hi again,

How can we use subject:userID ? where ?

This is when we getting token ? or when create a page? or what?

Thanks.

Sebastian · February 7, 2023, 3:04pm

This just identifies the user. You can then get user details with this endpoint: https://cloud.squidex.io/api/docs#tag/Users/operation/Users_GetUser

l2aelba · February 8, 2023, 8:24am

Yes, but do you have to doc I can read about identifies the user?

subject:userID

e.g.
subject:123123123123123

Sebastian · February 8, 2023, 8:26am

I don’t get it. What is your question?

l2aelba · February 8, 2023, 8:28am

This is your answer, I just need more info what do you mean by using:

subject:userID

e.g.
subject:123123123123123

l2aelba · February 8, 2023, 8:30am

I used many hours to research about actor / subject / oauth / openid / Squidex docs
Still dont know what is that

Example:

const token = await axios({
  method: 'POST',
  url: '/identity-server/connect/token',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  data: queryString.stringify({
    grant_type: 'client_credentials',
    scope: 'squidex-api openid profile email permissions',
    client_id: 'app:default',
    client_secret: '…',
    acr_values: 'subject:63d7aad1ec27df37b9eb2bb1', // That what I tried also
  }),
})

or I misunderstood the whole point?

Sebastian · February 8, 2023, 9:08am

Yes

You totally missed the point. As I said: You cannot get the access token of a user and nothing has changed. But you said you want to know who did what and you might be able to answer this with the history endpoint.

The actor string is just an identifier which either represents a client (client:<APP_NAME>:<CLIENT_ID>) or user (subject:<USER_ID>)

l2aelba · February 8, 2023, 9:21am

Oh ok, I misunderstood.

So that means it’s no way to create a post/page with existing user (by user id) also right?
(when access token from domain.com/app/settings/clients)

Sebastian · February 8, 2023, 9:23am

No, if you need that, you have to create a field for that and track it yourself.