[SOLVED] Access OAuth response in a custom policy

Access OAuth response in a custom policy

According docs, if I need include external idp token in a response, I need this code:

<ClaimsProvider>
  <DisplayName>Facebook</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Facebook-OAUTH">
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
      </OutputClaims>
      ...
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

Are there any explanations about such syntax - PartnerClaimType="{oauth2:access_token}"? What else can I reference except access_token, refresh_token? How "object structure" for oauth2 looks like? Does only oauth2 available, or something else also?

Solution

The values you can use are documented in the page about claim resolvers.

For your case, check the section: OAuth2 identity provider. It lists the available options as:

{oauth2:access_token}
{oauth2:token_type}
{oauth2:expires_in}
{oauth2:refresh_token}