
So I have begun practicing and using Identity Server 4. My goal is to have an authentication and authorization server for all the applications within my organization. I got to the point where I can log in correctly to my identity server from a third application and get my access_token, and it works nicely.

The second step is to get my userinfo inside my access_token but when I decode it I get this:

```json
{
  "nbf": 1505250392,
  "exp": 1505253992,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "SecretAPIEndpoints"
  ],
  "client_id": "SecretClient",
  "sub": "ebf3fcad-6ab3-4bcd-88ce-0c5794ebdffa",
  "auth_time": 1505250391,
  "idp": "local",
  "scope": [
    "openid",
    "SecretAPIEndpoints"
  ],
  "amr": [
    "pwd"
  ]
}
```

So if I use this token I can make my endpoints work correctly, but I want to take it one step further and get my SPA to show my user's first name and last name and also their email and roles.

I haven't found documentation or examples to make this happen, so any bit of help would be greatly appreciated.

V. Benavides

1 Answer


If you want to consume identity data in a JS-based client app, ask for an id_token in addition to an access token.

https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth

leastprivilege
  • The URL errors out on me in Firefox because of SSL issues. Also, it might help OP to link to the needed piece of IdS4 docs ([this one](http://docs.identityserver.io/en/release/endpoints/authorize.html) I think?). – Jeroen Sep 13 '17 at 07:15
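
An added example, not part of the original question or answer: a sketch of the implicit-flow request the answer describes and the claim checks a client applies to the returned id_token before trusting identity data from it. The issuer and client id come from the token in the question; the redirect URI, the `profile` and `email` scopes being enabled for this client, and the function names are assumptions, and whether name and email claims arrive in the id_token or must be fetched from the userinfo endpoint depends on the server's configuration.

```javascript
const crypto = require("crypto");

const ISSUER = "http://localhost:5000";                 // "iss" in the question's token
const CLIENT_ID = "SecretClient";                       // "client_id" in the question's token
const REDIRECT_URI = "http://localhost:5002/callback";  // assumed SPA callback

// Fresh, unpredictable state and nonce; store both until the callback arrives.
const newRandom = () => crypto.randomBytes(16).toString("hex");

// Build the authorize request that asks for an id_token and an access token.
function buildAuthorizeUrl(state, nonce) {
  const q = new URLSearchParams({
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    response_type: "id_token token",
    scope: "openid profile email SecretAPIEndpoints", // profile/email assumed allowed
    state,
    nonce,
  });
  return `${ISSUER}/connect/authorize?${q}`;
}

// Decode the base64url payload segment of a compact JWT (no signature check).
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Parse the callback fragment and check state, iss, aud, nonce and exp.
// Signature verification against the server's published keys is still
// required and is left to a JOSE/OIDC library.
function readIdentity(fragment, expected, now = Math.floor(Date.now() / 1000)) {
  const p = new URLSearchParams(fragment.replace(/^#/, ""));
  if (p.get("error")) throw new Error(`authorize error: ${p.get("error")}`);
  if (p.get("state") !== expected.state) throw new Error("state mismatch");
  const c = decodePayload(p.get("id_token") || "");
  const aud = Array.isArray(c.aud) ? c.aud : [c.aud];
  if (c.iss !== ISSUER) throw new Error("unexpected issuer");
  if (!aud.includes(CLIENT_ID)) throw new Error("client not in audience");
  if (c.nonce !== expected.nonce) throw new Error("nonce mismatch");
  if (typeof c.exp !== "number" || c.exp <= now) throw new Error("id_token expired");
  return { sub: c.sub, given_name: c.given_name, family_name: c.family_name, email: c.email };
}
```

Claims that come back `undefined` here are not in the id_token; in that case the access token is presented to the server's userinfo endpoint to obtain them.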