Storing additional information in the token possible?

[joshy]

Hi, sorry if this is a dumb question. I am getting the token and I need to store some additional information. The additional information is retrieved with an https service call to another system (imho that is irrelevant) and where do I store the result? So like to add additional values into the token and store it. So further calls to auth.get_user() has the information. I hope I explained it well enough. The https call to get additional information I would make before returning from the auth_response() call.

Thanks and with best regards
Joshy

[rayluo]

There are no dumb questions. :-)

The answer depends on what kind of additional info it is, and how long and where you would want to keep it.

The https call to get additional information I would make before returning from the auth_response() call.

If the information you get is based on the signed-in user, I suppose you would have to make that https call AFTER the user's successful sign-in, i.e. inside your @login_required(...)-protected view/function. Otherwise, how would you know whose information your https call is going to get?

The additional information is retrieved with an https service call to another system (imho that is irrelevant) and where do I store the result? So like to add additional values into the token and store it. So further calls to auth.get_user() has the information.

If you can live with making that extra call during every active session, you can simply store them into the session. Most if not all web frameworks support session. Please consult your web framework's community and/or docs. For example, this is how you do session in Flask. If you need long term storage, you need to use database for your project.

[joshy]

Thanks for you time. I am now storing the information in the session. If the information is not in the session it makes the request and stores it in the session. I am using flask but was using the Low-level API.

[rayluo]

I am using flask but was using the Low-level API.

Do you mean you use this low-level API instead of the Flask-specific API? If so, would you please why you made that choice? What scenario or feature that you think you have to use low-level api?

[joshy]

Yes, was using the low-level API because I left out the redirect_uri and didn't throw an error but it triggered the device login. This failed because I messed the configuration there as well. See #54 where I tried to tell why I went down that road. Maye an inline comment here https://identity-library.readthedocs.io/en/latest/flask.html what to put in redirect_uri would have kept me staying with the flask API.

[rayluo]

Understood. Sorry for that detour. I suppose, the low-level API forces you to setup redirect_uri, so, by that time you should have been able to switch back to the high-level API.

I'm fixing the docs to emphasize the recommendation to use redirect_uri. Let's move this topic to the other conversation.

All in all, the high-level APIs are tailored for each web framework (like this one for Flask) and they are designed to be more convenient than the low-level API. There shall not be a need to use low-level API.