Oauth2 retrieve id token

For one of my use case I need to send the ID token from Google for HTTP call.
I looked at the different options, but only the access token seems to be made available.

How can I retrieve the ID token to send it as header for HTTP call ?

Thanks a lot

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

Hi @Thomas_Griseau

Thanks for posting here and welcome to the community! :raised_hands:

I am not sure I understand your question correctly - but you can use the Generic Credential Type and set a customer Header Auth where you can specify the ID as a header to be sent in your HTTP request node.

Does this answer your question?

Hey Ria,

Unfortunately this doesn’t. When using Oauth, you have different kind of tokens that are generated cf : Token types  |  Authentication  |  Google Cloud

Today, the credential is retrieving the access token; but for some applications, it would be useful to retrieve the ID token instead.

This doesn’t seems possible today.

Hi @Thomas_Griseau

What exactly is your intention with the ID token? You should be able to get it through a HTTP request node using your Google OAuth2 Access Token credentials. Have you tried that already?

Some of our internal applications require an ID token in order to retrieve the identity of the caller.

I’m maybe missing something, but for Oauth I only see “Google Oauth 2 API” credentials. I don’t see any access token credentials.

Here’s more information on how access tokens are used within the Google OAuth2 that we implemented in n8n:

I think one way you can achieve to get the token IDs is by using the Google Identity API. You can make a call to /oauth2/v1/userinfo or /auth/userinfo.profile - have a look at their docs:

The reason why we don’t use ID tokens as part of our credentials is that we have a strict policy of not exposing any credentials data to end users .

I took a look, but unfortunately this doesn’t return the ID token of the user.

Ultimately I don’t need to have access to it, I would just need to specify if my credentials should use ID Token, or access token

is there any particular API requires you to use an ID token for auth?

my understanding is that id_token is a often signed string containing some identity related data, but isn’t meant to be send as an auth header on any request.

Those are internal APIs we have developed, where we need to check the identity of the caller, and have different permissions based on the identity.

You don’t have the same level of access inside the API, therefore the need to have access to identity information, and not only access token.

That’s an understandable use case. However n8n has a strict policy to not expose decrypted credentials to users, and the current oauth setup can only use access_token for auth headers.
I’m not sure how to make n8n work for this use-case, but I’ll think more about it, and If i come up with something, I’ll let you know.

I definitely understand the policy, and maybe we could have a way to send this ID token without having it exposed to the user ?

In reality, ID token are short lived (same is access token); so they’re more secure than using an API key for example

@netroy if that can help, what I need in reality is a Firebase ID token. I saw you don’t have any firebase auth method for now