On Mon, Mar 27, 2017 at 1:26 PM, Hanen Ben Rhouma <[email protected]> wrote:
> Thanks Farasath, > > That returned the sub attribute, how can I retrieve more information about > the user knowing that I'm using client_credentials as a grant type? > Does it make sense to use the client_credentials grant type to get a token with user information? AFAIK it is used to get an access token for the application to talk to an API/resource. Only user related here would be the developer who created this app, isn't it? > > Regards, > Hanen > > On Fri, Mar 24, 2017 at 8:17 PM, Farasath Ahamed <[email protected]> > wrote: > >> Hi Hanen, >> >> This error usually means that in the initially, you have obtained an >> access token that does not contain 'openid' scope and used it on the >> userinfo endpoint. Here, 'openid' is not related to the OpenID protocol. >> >> Can you try adding 'openid' as a scope in your initial OAuth2 token >> request and use that token to invoke the https://host:9443/oauth2/u >> serinfo endpoint? >> >> For example, >> If you are using password grant type, >> >> curl -k -v --user *<client_id>:<client_secret>* -d >> "grant_type=password&username=*<username>*&password=*<password>*&scope=scope1 >> openid" https://localhost:9443/oauth2/token >> >> And then do a get on the user info endpoint >> >> curl -k -H "Authorization: Bearer* <your_access_token_with_openid_scope>*" >> https://localhost:9443/oauth2/userinfo?schema=openid >> >> >> Thanks, >> Farasath. >> >> >> Farasath Ahamed >> Software Engineer, WSO2 Inc.; http://wso2.com >> Mobile: +94777603866 >> Blog: blog.farazath.com >> Twitter: @farazath619 <https://twitter.com/farazath619> >> <http://wso2.com/signature> >> >> >> >> On Fri, Mar 24, 2017 at 10:05 PM, Hanen Ben Rhouma <[email protected]> >> wrote: >> >>> Hi, >>> >>> Do I need extra params to invoke the userinfo endpoint ( >>> https://host:9443/oauth2/userinfo) ? >>> >>> I'm getting >>> "error_description": "Access token does not have the openid scope", >>> "error": "insufficient_scope" >>> >>> Eventhough I'm using Oauth2 without OpenID >>> >>> Regards, >>> Hanen >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
