
After integrating the WebProvider for ActiveDirectoryFederationServices from preview 4.1.0-preview-1.23108.18, a 401 occurs after the frontchannel redirect and userinfo call.

Probably this is due to the behavior described here: ADFS 4.0 (2016) OpenID Connect userinfo endpoint returns 401 when provided with access token.

Apparently the attachment of the resource = urn:microsoft:userinfo is missing.

In my experience, when trying to hit the ADFS OIDC userinfo endpoint you need to pass a querystring key-value pair (resource=urn:microsoft:userinfo).

The retrieval and validation of the token was successful.

The token response returned by https://[redacted]/adfs/oauth2/token/ was successfully extracted: {
    "access_token": "[redacted]",
    "token_type": "bearer",
    "expires_in": 3600,
    "resource": "8f238a5c-2dea-42cd-80eb-abf7638fcadd",
    "refresh_token": "[redacted]",
    "refresh_token_expires_in": 26751,
    "scope": "openid",
    "id_token": "[redacted]"
  }.

Is there any way to set the resource or disable the retrieval of user info?

dmkk3r
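A diagnostic for the mismatch described in the question, as an added example that is not part of the original post or of OpenIddict: it reads the `aud` claim of the access token and compares it with `urn:microsoft:userinfo`. It assumes the ADFS access token is a compact JWT whose `aud` carries the resource it was issued for; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

USERINFO_RESOURCE = "urn:microsoft:userinfo"  # resource value quoted in the post


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (opaque access token?)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audiences(claims: dict) -> list:
    """'aud' may be a single string or a list; normalise to a list."""
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def diagnose(token_response: dict) -> str:
    """Assumption: the userinfo endpoint only accepts tokens issued for USERINFO_RESOURCE."""
    auds = audiences(jwt_claims(token_response["access_token"]))
    if USERINFO_RESOURCE in auds:
        return "ok: access token audience covers the userinfo endpoint"
    return ("mismatch: token issued for %s (resource=%s); expect 401 from userinfo"
            % (auds, token_response.get("resource")))


def make_token(aud) -> str:
    """Constructed sample token; the signature part is a dummy and is never checked."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"aud": aud, "scp": "openid"}).encode())
    return "%s.%s.%s" % (header, body, b64url(b"dummy-signature"))


if __name__ == "__main__":
    client_id = "8f238a5c-2dea-42cd-80eb-abf7638fcadd"  # "resource" value from the post
    print(diagnose({"access_token": make_token(client_id), "resource": client_id}))
    print(diagnose({"access_token": make_token(USERINFO_RESOURCE),
                    "resource": USERINFO_RESOURCE}))
```

Decoding without signature verification is acceptable here only because the output is used for troubleshooting, never for an authorization decision.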