Hi and thanks for this library!

In our setup we authenticate with the OP using a specified `resource` parameter to get an access token suited for a particular audience. But the OP does not allow such tokens to be used for the userinfo endpoint — and it seems correct since the audience is an external API, not the OP itself.

The OP documentation suggests using `id_token` claims instead of the userinfo endpoint in this case.

Is it possible to add an option to disable the userinfo request? Or maybe disable it implicitly if `Resources` is supplied.