Hi Hanen,

In order to get a set of user claims, you can configure the claims as requested claims in the Service Provider configuration.

And from IS 5.2.0 onwards we have introduced OpenIDConnect claim scopes. When you are requesting an OIDC token, you can specify a scope value that is bound to a set of claims; in your case you have specified the "openid" scope. And with OpenIDConnect claim scopes in IS 5.2.0, when you invoke the user info endpoint with that OIDC token, only the claims which are common in both OIDC scope configuration and SP configuration will be returned.

If you need, you can add any claim as a supported claim for a scope in oidc-scope-config.xml (or you can configure this using the 'oidc' file found in the registry at /_system/config/oidc) and configure that in SP requested claims, in order to retrieve that claim when invoking the user info endpoint.

Thanks and Regards

On Mon, Mar 27, 2017 at 1:26 PM, Hanen Ben Rhouma <[email protected]> wrote:

> Thanks Farasath,
>
> That returned the sub attribute, how can I retrieve more information about
> the user knowing that I'm using client_credentials as a grant type?
>
> Regards,
> Hanen
>
> On Fri, Mar 24, 2017 at 8:17 PM, Farasath Ahamed <[email protected]> wrote:
>
>> Hi Hanen,
>>
>> This error usually means that initially, you have obtained an
>> access token that does not contain the 'openid' scope and used it on the
>> userinfo endpoint. Here, 'openid' is not related to the OpenID protocol.
>>
>> Can you try adding 'openid' as a scope in your initial OAuth2 token
>> request and use that token to invoke the
>> https://host:9443/oauth2/userinfo endpoint?
>>
>> For example,
>> If you are using password grant type,
>>
>>     curl -k -v --user <client_id>:<client_secret> -d "grant_type=password&username=<username>&password=<password>&scope=scope1 openid" https://localhost:9443/oauth2/token
>>
>> And then do a get on the user info endpoint
>>
>>     curl -k -H "Authorization: Bearer <your_access_token_with_openid_scope>" "https://localhost:9443/oauth2/userinfo?schema=openid"
>>
>> Thanks,
>> Farasath.
>>
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>
>> On Fri, Mar 24, 2017 at 10:05 PM, Hanen Ben Rhouma <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Do I need extra params to invoke the userinfo endpoint
>>> (https://host:9443/oauth2/userinfo)?
>>>
>>> I'm getting
>>> "error_description": "Access token does not have the openid scope",
>>> "error": "insufficient_scope"
>>>
>>> Even though I'm using OAuth2 without OpenID
>>>
>>> Regards,
>>> Hanen
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Indunil Upeksha Rathnayake
Software Engineer | WSO2 Inc
Email [email protected]
Mobile 0772182255
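The filtering rule described in the thread above, as an added example that is not part of the original messages and not WSO2 code: a small Python model that returns the userinfo response together with the reason each missing claim was withheld. The scope-to-claim mapping, claim names and user values are constructed samples, and it assumes `sub` is always returned and that the claims of every scope on the token are combined.

```python
# Model of the userinfo claim filtering described in the thread (IS 5.2.0 behaviour
# as stated there). Not WSO2 code; all names and values below are constructed samples.

SCOPE_CLAIMS = {  # stands in for the per-scope claim lists in oidc-scope-config.xml
    "openid": {"sub", "email", "given_name", "family_name"},
    "scope1": {"phone_number"},
}

def userinfo(token_scopes, sp_requested, user_attrs, scope_claims=SCOPE_CLAIMS):
    """Return (response, diagnosis) for a userinfo call made with a given token.

    diagnosis maps each withheld claim to the reason it was not returned.
    """
    if "openid" not in token_scopes:
        # Same error the thread starts with: token issued without the openid scope.
        return ({"error": "insufficient_scope",
                 "error_description": "Access token does not have the openid scope"}, {})

    # Assumption: claims allowed by every scope carried on the token are combined.
    allowed = set()
    for scope in token_scopes:
        allowed |= scope_claims.get(scope, set())

    response = {"sub": user_attrs["sub"]}  # assumption: sub is always present
    diagnosis = {}
    for claim in sorted(set(sp_requested) | allowed):
        if claim == "sub":
            continue
        if claim not in allowed:
            diagnosis[claim] = "not listed for any scope on the token"
        elif claim not in sp_requested:
            diagnosis[claim] = "not a requested claim in the SP configuration"
        elif claim not in user_attrs:
            diagnosis[claim] = "user has no value for this claim"
        else:
            response[claim] = user_attrs[claim]  # in both lists: returned
    return response, diagnosis

if __name__ == "__main__":
    user = {"sub": "hanen", "email": "hanen@example.com", "country": "TN"}
    print(userinfo({"scope1"}, {"email"}, user))
    print(userinfo({"openid"}, {"email", "country"}, user))
```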
