Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

Daniel Nashed's Blog

Notes 14.5.1 request OIDC token for Bearer authentication

Daniel Nashed – 17 February 2026 23:22:52

This is my favorite Notes 14.5.1 client/development feature.
To request resources via NotesHTTPRequest authentication usually needs a user/password.
The more modern approach is to request a JWT to authenticate.

A JWT iss issued for a limited time and allows access to servers who trust the configured OIDC provider.
This could be a Domino server or any other application using a Domino OIDC povider.
In one of my last posts I configured HashiCorp to trust a Domino OIDC provider.
With this new functionality you can request a JWT and use it with the NotesHTTPRequest as shown below.

1. Your Notes client uses it's Notes.ID to request a JWT -- very similar to it already can request LTPA tokens.
2. The JWT is used for REST type of requests from an API.


A LPTA token is more intended for web-browsers. But also applications like Sametime uses this type of authentication.
In future I can see more functionality on the Domino, Sametime and other applications to use JWTs.
Notes 14.5.1 EA1 introduced this function in Java. Notes 14.5.1 EA2 added a Lotus Script version of the function based on EAP forum feedback.

I can imagine many integrations where this new JWT token request will be a game changer.

Reference to 14.5.1 documentation

https://help.hcl-software.com/dom_designer/14.5.1/basic/H_GETOIDCACCESSTOKEN_METHOD.html


Example script

Sub Initialize
       
       On Error GoTo error_handler
       
       Dim session As New NotesSession
       Dim http As NotesHTTPRequest
       
       Dim Server As String
       Dim ClientID As String
       Dim Issuer As String
       Dim Resource As String
       Dim Scopes As String
       Dim Token As String
       Dim Url As String
       Dim Response As String
       
       ' --- OIDC configuration ---
       Server   = "oidc.nashcom.lab"
       ClientID = "oidc-nashcom-org"
       Issuer   = "https://oidc.nashcom.lab/auth/protocol/oidc"
       Resource = ""
       Scopes   = ""
       
       MessageBox "User Name: " & session.UserName
       
       ' --- Get OIDC access token ---
       Token = session.GetOIDCAccessToken(Server, ClientID, Issuer, Resource, Scopes)
       
       If Token = "" Then
               Error 1000, "No OIDC access token returned"
       End If
       
       Url = "https://pluto.nashcom.lab/access.nsf"
       
       Set http = session.CreateHTTPRequest()
       
       http.SetHeaderField "Authorization", "Bearer " & Token
       http.SetHeaderField "User-Agent", "HCL Notes 14.5.1 OIDC Test"
       
       Response = http.Get(Url)
       
       MessageBox "HTTP Status: " & http.ResponseCode & Chr(10) & Chr(10) & "Response:" & Chr(10) & Response
       
       Exit Sub

error_handler:

       MessageBox "Error " & Err & ": " & Error$
       Exit Sub
       
End Sub



Recent Entries

Feeds

Links

    Archives

    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]