Guides

Get Logged In User

Retrieve the Details of the Currently Logged-In User

Suggest Edits

A logged-in user is an individual who has successfully authenticated their identity within the system, thereby gaining access to personalized features and data.

To facilitate this access, we utilize an internally generated access token as a credential for authenticating and authorizing API requests on behalf of users or applications.

How to Retrieve the Logged-In User

  1. Understand the OAuth 2.0 Flow
    To access the logged-in user’s information, the application must authenticate the user and obtain an access token. This token is then used to request user information from a resource server. The general process includes:
    1. Authorization Request
      The client directs the user to the authorization server for login and consent.
    2. Authorization Grant
      Once the user approves, the server issues an authorization code or token.
    3. Access Token Exchange
      The client exchanges the authorization code (if applicable) for an access token.
    4. API Call
      The client uses the access token to request the logged-in user's details from the resource server.
  2. Use the Appropriate Grant Type
    Select the OAuth 2.0 grant type that suits your application. Commonly used grant types include:
    1. Authorization Code Grant _(recommended for web and mobile _apps)
      Ensures secure token exchange.
      The logged-in user authenticates directly with the authorization server.
    2. IImplicit Grant (for browser-based apps)
      Directly issues an access token but has limited use due to security concerns.
    3. Password Grant (not recommended)
      Uses the user's credentials directly but is discouraged for public-facing apps.
    4. Client Credentials Grant
      Used for server-to-server interactions, not suitable for retrieving user details.
  3. Request an Access Token
    Once the user authenticates, the client exchanges the authorization code for an access token by making a POST request to the token endpoint.
  4. Use the Access Token to Get User Info
    After obtaining the access token, make a request to the resource server's user info endpoint to retrieve the logged-in user’s details.
  5. Handle the Response
    Use the returned data to identify the logged-in user and provide personalized experiences in your application.
    Example:
    1. Display the user’s name and profile picture.
    2. Pre-fill forms with the user’s email.
  6. Secure the Process
    1. Use HTTPS
      Always ensure that all communication happens over a secure HTTPS connection.
    2. Validate the Token
      Check the validity and expiration of the access token.
    3. Use Short-Lived Tokens
      Tokens should expire quickly and be refreshed when needed.
    4. Handle Errors Gracefully
      Account for scenarios like token expiration or invalid tokens.

Updated 4 months ago