Skip to main content

Get social sign-in provider tokens

You can get the OIDC / OAuth 2.0 access, refresh, and ID tokens issued for the identity by social sign-in providers.

These tokens are issued only when the Identity:

  • Signs up with a social sign-in provider.
  • Links a new social sign-in provider to their account.

Run this command to get the Identity details that include the social sign-in provider tokens:

ory get identity "$identity_id" --project "$PROJECT_ID" \
-i oidc --format yaml

When the call is successful, the system returns the Identity details with the available social sign-in provider tokens:

{
"id": "IDENTITY_ID",
"credentials": {
"oidc": {
"type": "oidc",
"identifiers": [
"google:some-user"
"github:another-user"
],
"config": {
"providers": [
{
"subject": "some-user",
"provider": "google",
"initial_access_token": "********************",
"initial_refresh_token": "********************",
"initial_id_token": "********************",
},
{
"subject": "another-user",
"provider": "github",
"initial_access_token": "********************",
"initial_refresh_token": "********************",
"initial_id_token": "********************",
}
]
},
"created_at": "2022-10-08T12:17:18.834351+02:00",
"updated_at": "2022-10-08T12:17:18.834351+02:00"
}
},
"schema_id": "default",
"schema_url": "SCHEMA_URL",
"state": "active",
"state_changed_at": "2022-10-08T12:17:18.83324+02:00",
"traits": {
"subject": "foo.oidc@bar.com"
},
"verifiable_addresses": [
{
"id": "88da96df-0457-4d69-832d-5e70ef25055c",
"value": "foo.oidc@bar.com",
"verified": false,
"via": "",
"status": "",
"verified_at": null,
"created_at": "2022-10-08T12:17:18.83324+02:00",
"updated_at": "2022-10-08T12:17:18.834202+02:00"
}
],
"created_at": "2022-10-08T12:17:18.834043+02:00",
"updated_at": "2022-10-08T12:17:18.834043+02:00"
}

Encryption

The Ory Network encrypts these tokens per default at rest using XChaCha20 Poly1305.