How can I get access token of OIDC (Open ID Connect) provider?

Hi there,
We are developing a custom plugin in Kibana. We integrate our authentication with OIDC. Now we want to make external API requests from our custom plugin. These requests need the access token of the same OIDC provider. How can I get the provider OIDC token? What should be the approach?

Hi!
Here's some feedback by our security team, if it's possible to access that Token in Kibana:

it's not possible. It's ES that talks to OIDC Identity Provider and returns its own access/refresh token pair to Kibana.

Best,
Matthias

@matw , thanks for your answer. Is there any way to use elasticsearch as a relay between that external API and our custom plugin?

Sorry, there is no way to do what they are asking. Our realm is an authentication Realm and OpenID Connect is an authentication standard.Your use case seems to fall under delegation of authorization use cases ( i.e. closer to oAuth2 )
https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.1.2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.