I’m developing a Jira plugin using Forge and setting up authentication with AWS Cognito. I need the fetch
to send an id_token
to my API and need to get access to the user email on the token. However, an access_token
is being sent instead and no email info. I am following the Atlassian tutorial on using dynamic profiles with external authentication (https://developer.atlassian.com/platform/forge/implement-a-dynamic-profile-retriever-with-external-authentication/).
How can I configure my Forge app to ensure the id_token
is sent instead of the access_token
?
My manifest.yml:
function:
- key: resolver
handler: index.handler
providers:
auth:
- cognito-auth
- key: cognito-profile
handler: auth.retriever
...
actions:
authorization:
remote: aws-cognito
path: /oauth2/authorize
exchange:
remote: aws-cognito
path: /oauth2/token
revokeToken:
remote: aws-cognito
path: /oauth2/revoke
retrieveProfile:
remote: aws-cognito
path: /oauth2/userInfo
function: cognito-profile
My auth.js:
export const retriever = (response) => {
console.log(response)
const { status, body: externalProfile } = response;
console.log(externalProfile);
if (status === 200) {
return new AuthProfile({
id: externalProfile.sub,
displayName: externalProfile.email || externalProfile.name,
avatarUrl: externalProfile.picture,
});
} else {
throw new Error(
`Could not determine profile information. HTTP ${status}`
);
}
};