In our setup we authenticate in OP with specified resource parameter to get an access token suited for particular audience. But the OP does not allow to use such tokens for userinfo endpoint — and it seems correct since the audience is an external API, not the OP itself.
The OP documentation suggests to use id_token claims instead of userinfo endpoint in this case.
Is it possible to add an option do disable userinfo request? Or maybe disable it implicitly if Resources is supplied.
Hi and thanks for this library!
In our setup we authenticate in OP with specified
resourceparameter to get an access token suited for particular audience. But the OP does not allow to use such tokens for userinfo endpoint — and it seems correct since the audience is an external API, not the OP itself.The OP documentation suggests to use
id_tokenclaims instead of userinfo endpoint in this case.Is it possible to add an option do disable userinfo request? Or maybe disable it implicitly if
Resourcesis supplied.