<div>
<div class="content wysiwyg-content">
Hi, Experts, 
 
I am building a node JS web app that will call REST API from one login user info. 
 
<a href="https://developers.onelogin.com/quickstart/authentication#web-app" rel="ugc">https://developers.onelogin.com/quickstart/authentication#web-app</a> 
 
spefically from 
 
<a href="https://github.com/onelogin/onelogin-oidc-node/tree/master/1.%20Auth%20Flow" rel="ugc">https://github.com/onelogin/onelogin-oidc-node/tree/master/1.%20Auth%20Flow</a> 
 
the goal is to attain this 
 
<a href="https://developers.onelogin.com/openid-connect/api/user-info" rel="ugc">https://developers.onelogin.com/openid-connect/api/user-info</a> 
 
but when you use the example curl request you get this: 
 
[code]curl -XGET &quot;<a href="https://openid-connect.onelogin.com/oidc/me" rel="ugc">https://openid-connect.onelogin.com/oidc/me</a>&quot;&nbsp;\ 
&gt;&nbsp;-H &quot;Authorization: Bearer 0e4e2d02323de1e71dda7843d968f20425965488d407fbc952927389b63517ac5663&quot; 
{&quot;error&quot;:&quot;invalid_token&quot;,&quot;error_description&quot;:&quot;invalid token provided&quot;}[/code] 
 
and 
 
[code]curl -XGET &quot;<a href="https://domain.onelogin.com/oidc/me" rel="ugc">https://domain.onelogin.com/oidc/me</a>&quot;&nbsp;\ 
&gt;&nbsp;-H &quot;Authorization: Bearer 0e4e2d02323de1e71dda7843d968f20425965488d407fbc952927389b63517ac5663&quot; 
{&quot;error&quot;:&quot;invalid_token&quot;,&quot;error_description&quot;:&quot;invalid token provided&quot;}[/code] 
 
the flow is API call goes to one login and one login passes access key so you can get user info. when you try to call user info you get an error. 
 
any help would be greatly appreciated. 
 
thank you
</div>
</div>

Hi, Experts,

I am building a node JS web app that will call REST API from one login user info. 

https://developers.onelogin.com/quickstart/authentication#web-app

spefically from

https://github.com/onelogin/onelogin-oidc-node/tree/master/1.%20Auth%20Flow

the goal is to attain this

https://developers.onelogin.com/openid-connect/api/user-info

but when you use the example curl request you get this:

[code]curl -XGET "https://openid-connect.onelogin.com/oidc/me" \
> -H "Authorization: Bearer 0e4e2d02323de1e71dda7843d968f20425965488d407fbc952927389b63517ac5663"
{"error":"invalid_token","error_description":"invalid token provided"}[/code]

and 

[code]curl -XGET "https://domain.onelogin.com/oidc/me" \
> -H "Authorization: Bearer 0e4e2d02323de1e71dda7843d968f20425965488d407fbc952927389b63517ac5663"
{"error":"invalid_token","error_description":"invalid token provided"}[/code]

the flow is API call goes to one login and one login passes access key so you can get user info. when you try to call user info you get an error. 

any help would be greatly appreciated. 

thank you

OneLogin User Provisioning - REST API Issues

Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient. Node.js' package ecosystem, npm, is the largest ecosystem of open source libraries in the world.

Node.js

Web development includes all aspects of presenting content on intranets and the Internet, including delivery development, protocols, languages and standards, server software, browser clients, databases and multimedia generation.

Web Development

JavaScript is a dynamic, object-based language commonly used for client-side scripting in web browsers. Recently, server side JavaScript frameworks have also emerged. JavaScript runs on nearly every operating system and  in almost every mainstream web browser.

JavaScript

Representational state transfer (REST) is an architectural style that gives a coordinated set of constraints to the design of components in a distributed hypermedia system used to design networked applications. RESTful systems typically communicate over Hypertext Transfer Protocol (HTTP) with the same HTTP verbs (GET, POST, PUT, DELETE, etc.) that web browsers use to retrieve web pages and to send data to remote servers. REST interfaces with external systems using resources identified by Uniform Resource Identifier (URI) that can be operated upon using standard verbs.

REST

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.