0

I am using microsoft OidcClient for oauth2.0 for google accounts and I am getting

"sub claim is missing from userinfo endpoint" error."

Can anyone suggest if I am missing anything or doing anything wrong.

public async Task Authorize ()
{
    InitializeComponent ();

    var providerInformation = new ProviderInformation
    {
        IssuerName = "accounts.google.com",
        AuthorizeEndpoint = "https://accounts.google.com/o/oauth2/auth",
        TokenEndpoint = "https://oauth2.googleapis.com/token",
        //UserInfoEndpoint = "https://openidconnect.googleapis.com/v1/userinfo",
        UserInfoEndpoint = "https://www.googleapis.com/oauth2/v3/tokeninfo", 
        KeySet = new JsonWebKeySet()
    };

    var scope = "https://www.googleapis.com/auth/fitness.blood_glucose.read https://www.googleapis.com/auth/fitness.body.read https://www.googleapis.com/auth/fitness.activity.read https://www.googleapis.com/auth/fitness.blood_pressure.read"; https://www.googleapis.com/auth/fitness.blood_glucose.read https://www.googleapis.com/auth/fitness.body.read https://www.googleapis.com/auth/fitness.activity.read https://www.googleapis.com/auth/fitness.blood_pressure.read"; 

    var options = new OidcClientOptions
    {
        Authority = "https://accounts.google.com/o/oauth2/auth",
        ClientId = "xyz",
        Scope = scope,
        RedirectUri = "com.abc.xyzt:/oauthredirect",
        Browser = browser,
        ProviderInformation = providerInformation,
        //ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
        TokenClientCredentialStyle = IdentityModel.Client.ClientCredentialStyle.AuthorizationHeader
    };

    _client = new OidcClient(options);
    await _client.LoginAsync(new LoginRequest());
}

I am getting 6 different types of claims, but I am not getting JwtClaimTypes.Subject "sub" which the library is looking for. enter image description here

Can anyone help or suggest how to resolve this issue ?

Community
  • 1
  • 1
TheDeveloper
  • 1,127
  • 1
  • 18
  • 55

1 Answers1

1

I found the solution. I was providing too much information. Instead of letting the library figuring out based on service discovery endpoint.

public async Task Authorize ()
{
            var discovery = new DiscoveryPolicy
            {
                ValidateEndpoints = false,
                Authority = "https://accounts.google.com"
            };

            OidcClientOptions oidcClientOptions = new OidcClientOptions
            {
                Authority = "https://accounts.google.com",
                ClientId = "2345678",
                Scope = "https://www.googleapis.com/auth/fitness.body.read",
                RedirectUri = "com.abc.xyz",
                Browser = IoCRegistry.Locate<IBrowser>(),
                ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
                Policy = new Policy
                {
                    Discovery = discovery,
                    RequireAccessTokenHash = false 
                }
            };

           var _client = new OidcClient(oidcClientOptions);
           var result = await _client.LoginAsync(new LoginRequest());
}
TheDeveloper
  • 1,127
  • 1
  • 18
  • 55