getOIDCAccessToken (Session - Java)

Acquires an access token from a Domino OIDC provider for the current user, as identified and authenticated by their ID file.

Defined in

Session (Java)

Data type

String

Syntax

public String getOIDCAccessToken(String server, String clientid, String issuer, String resource, String scopes) throws NotesException;

Usage

import lotus.domino.*;

public class JavaAgent extends AgentBase {
    public void NotesMain() {
        try {
            Session session = getSession(); // Current Notes session

            // Get session details
            System.out.println("User Name: " + session.getUserName());

            String server = "domino.example.com"; // Name of Domino Server to contact
            String clientid = "test_client"; // The client ID for your OAuth application
            String issuer = "https://provider.example.com/auth/protocol/oidc"; // Your issuer (Domino OIDC provider if empty string)
            String resource = ""; // Requested resource (First configured audience for client if empty string)
            String scopes = ""; // Requested scopes (Configured scopes for client if empty string)

            System.out.println("Calling session.getOIDCAccessToken() with server: " + server + ", clientid: " + clientid + ", issuer : " + issuer + ", resource: " + resource + ", scopes: " + scopes);
            String token = session.getOIDCAccessToken(server, clientid, issuer, resource, scopes);
            // The token is a bearer credential; it is printed here only to show the result of the call
            System.out.println("OIDC Token: " + token);

        } catch (Exception e) {
            // A NotesException is raised when the call fails (see the failure cases below)
            e.printStackTrace();
        }
    }
}

Case inputs

1. Calling API with provider name as servername (failure):
    User Name: CN=admin user/O=malipeddi
    Calling session.getOIDCAccessToken() with server: provider.example.com, clientid: test_client, issuer : https://provider.example.com/auth/protocol/oidc, resource: , scopes: 
    NotesException: Notes error: You are not allowed to route through this server
    at lotus.domino.local.Session.getOIDCAccessToken(Session.java:1530)
    at JavaAgent.NotesMain(Unknown Source)
    at lotus.domino.AgentBase.runNotes(AgentBase.java:200)
    at lotus.domino.NotesThread.run(NotesThread.java:707)

2. Calling the API with the Domino server name as servername (successful):
    Calling session.getOIDCAccessToken() with server: domino.example.com, clientid: test_client, issuer : https://provider.example.com/auth/protocol/oidc, resource: , scopes: 
    OIDC Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6InZyOGU1WHI2WFNJX0kyU1F5T0tRU3pIZW9TX0Y4bmpIaXRXZ3llS1ExbzAifQ.eyJ0eXAiOiAiQmVhcmVyIiwiaXNzIjogImh0dHBzOi8vcHJvdmlkZXIubWFsaXBlZGRpLmxhYi9hdXRoL3Byb3RvY29sL29pZGMiLCJzdWIiOiAiQ049YWRtaW4gdXNlci9PPW1hbGlwZWRkaSIsImF1ZCI6ICJkb21pbm8ubWFsaXBlZGRpLmxhYiIsImlhdCI6IDE3NjMyODUwOTQsImV4cCI6IDE3NjMyODUzOTQsImF1dGhfdGltZSI6IDE3NjMyODUwOTQsInNjb3BlIjogImVtYWlsIERvbWluby51c2VyLmFsbCIsImNuIjogIkNOPWFkbWluIHVzZXIvTz1tYWxpcGVkZGkiLCJqdGkiOiAiZDk4ZjE2OTktOTQ3ZC1lMzJlLTkwZmItODY2YTE0OWYzYWRkIiwiY2xpZW50X2lkIjogInRlc3RfY2xpZW50IiwiZW1haWwiOiAiQ049YWRtaW4gdXNlci9PPW1hbGlwZWRkaSIsImdpdmVuX25hbWUiOiJhZG1pbiIsImZhbWlseV9uYW1lIjoidXNlciIsIm5hbWUiOiJhZG1pbiB1c2VyIn0.nYvQUnZJL3dIWtEqQ4lXz8ZpHs0Y_lS9QL5AIc8bBXjtt_SkZz5dRwiFDuzAhtcLfvpQqaS8KJqNqjSycQD0xg

3. Calling API with IP of the Domino server as the servername (successful):
    Calling session.getOIDCAccessToken() with server: 127.0.0.1, clientid: test_client, issuer : https://provider.example.com/auth/protocol/oidc, resource: , scopes: 
    OIDC Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6InZyOGU1WHI2WFNJX0kyU1F5T0tRU3pIZW9TX0Y4bmpIaXRXZ3llS1ExbzAifQ.eyJ0eXAiOiAiQmVhcmVyIiwiaXNzIjogImh0dHBzOi8vcHJvdmlkZXIubWFsaXBlZGRpLmxhYi9hdXRoL3Byb3RvY29sL29pZGMiLCJzdWIiOiAiQ049YWRtaW4gdXNlci9PPW1hbGlwZWRkaSIsImF1ZCI6ICJkb21pbm8ubWFsaXBlZGRpLmxhYiIsImlhdCI6IDE3NjMyODUxMTgsImV4cCI6IDE3NjMyODU0MTgsImF1dGhfdGltZSI6IDE3NjMyODUxMTgsInNjb3BlIjogImVtYWlsIERvbWluby51c2VyLmFsbCIsImNuIjogIkNOPWFkbWluIHVzZXIvTz1tYWxpcGVkZGkiLCJqdGkiOiAiNDI4NGUxMjgtZmUxZC03OTI4LTEwNGMtMTVjNGFkNmUwMjRhIiwiY2xpZW50X2lkIjogInRlc3RfY2xpZW50IiwiZW1haWwiOiAiQ049YWRtaW4gdXNlci9PPW1hbGlwZWRkaSIsImdpdmVuX25hbWUiOiJhZG1pbiIsImZhbWlseV9uYW1lIjoidXNlciIsIm5hbWUiOiJhZG1pbiB1c2VyIn0.8N0v07LJS-xEeK20E8lDzG2__BUJ-tUZlermmHiD0bVuPUrmERt6pIoDvAo1OButvGwrK2GOh70W3XrIXoy9Og

4. Calling API with issuer as "https://provider.example.com/" (failure):
    Calling session.getOIDCAccessToken() with server: domino.example.com, clientid: test_client, issuer : https://provider.example.com, resource: , scopes: 
    NotesException: Notes error: Network protocol error: message from server is too small
    at lotus.domino.local.Session.getOIDCAccessToken(Session.java:1530)
    at JavaAgent.NotesMain(Unknown Source)
    at lotus.domino.AgentBase.runNotes(AgentBase.java:200)
    at lotus.domino.NotesThread.run(NotesThread.java:707)

Note: This API might throw a NotesException if the arguments are invalid.
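
The tokens returned in the successful cases above are compact JWTs whose payload carries iss, aud, client_id and exp claims. The following is an added example, not part of the original page or the product's own code: it decodes the payload of such a token and checks those claims against what the caller requested, without verifying the signature. The class TokenClaimCheck, its methods and the sample token are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TokenClaimCheck { // hypothetical helper, not a Domino class
    // Decode the payload (second segment) of a compact JWT. No signature check is done here.
    static String payloadJson(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a three-part JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Minimal extractor for top-level string or integer claims; use a JSON parser in real code.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*(?:\"([^\"]*)\"|(\\d+))")
                .matcher(json);
        if (!m.find()) return null;
        return m.group(1) != null ? m.group(1) : m.group(2);
    }

    // Returns null when the claims match what was requested, otherwise the reason for rejecting.
    static String mismatch(String jwt, String issuer, String clientId, String audience, Instant now) {
        String json = payloadJson(jwt);
        if (!issuer.equals(claim(json, "iss"))) return "unexpected iss";
        if (!clientId.equals(claim(json, "client_id"))) return "unexpected client_id";
        if (!audience.equals(claim(json, "aud"))) return "unexpected aud";
        String exp = claim(json, "exp");
        if (exp == null || !now.isBefore(Instant.ofEpochSecond(Long.parseLong(exp)))) return "expired or missing exp";
        return null;
    }

    public static void main(String[] args) {
        // Constructed token: claim names follow the sample tokens, values and signature are made up.
        String issuer = "https://provider.example.com/auth/protocol/oidc";
        String payload = "{\"iss\": \"" + issuer + "\", \"aud\": \"domino.example.com\", "
                + "\"client_id\": \"test_client\", \"iat\": 1763285094, \"exp\": 1763285394}";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String jwt = enc.encodeToString("{\"alg\":\"ES256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".c2ln";
        // Report only the verdict; the token itself is a bearer credential and is not printed.
        System.out.println("fresh: " + mismatch(jwt, issuer, "test_client", "domino.example.com",
                Instant.ofEpochSecond(1763285100L)));
        System.out.println("stale: " + mismatch(jwt, issuer, "test_client", "domino.example.com",
                Instant.ofEpochSecond(1763285400L)));
        System.out.println("wrong audience: " + mismatch(jwt, issuer, "test_client", "other.example.com",
                Instant.ofEpochSecond(1763285100L)));
    }
}
```

The extractor handles only a single string value for aud; a token whose aud is a JSON array needs a real JSON parser.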