Returning user claims like Name, Role etc... as part of token #249
-
|
Hi I am unable to persuade server to include User claims (Name, Role etc...) into token. So my API is not able to find it there (client is JS which takes this data from /userinfo and is happy with it). I believe that IDS4 can do that with AlwaysIncludeUserClaimsInIdToken . Do I missing something or if we add this feature in code, is there chance to be approved as PR ? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hello, According to the OPENID RFC (https://openid.net/specs/openid-connect-core-1_0.html#UserInfo chapter 5.4) : "when a response_type value is used that results in an Access Token being issue then the claims requested by the "profile", "email", "address" and "phone" scope are returned from the UserInfo endpoint. However when no Access Token is issued, the resulting Claims are returned in the ID Token". If the response_type parameter is different to "id_token" then claims are not present in the id_token. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you so much, response_type in JS client really did the trick and now I have everything in token as I need. |
Beta Was this translation helpful? Give feedback.
Hello,
According to the OPENID RFC (https://openid.net/specs/openid-connect-core-1_0.html#UserInfo chapter 5.4) : "when a response_type value is used that results in an Access Token being issue then the claims requested by the "profile", "email", "address" and "phone" scope are returned from the UserInfo endpoint. However when no Access Token is issued, the resulting Claims are returned in the ID Token".
If the response_type parameter is different to "id_token" then claims are not present in the id_token.