IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3
Apache License 2.0

Add UserInfo claims to User.Claims #158

Closed mniak closed 6 years ago

mniak commented 6 years ago

Would it be useful to add an option that makes the middleware fetch the UserInfo endpoint and add these claims to the principal claims collection?

Many of my APIs are already doing this but on a whole new step.

I am willing to contribute if you think this is relevant to the project and if I'm doing this the right way.

brockallen commented 6 years ago

Userinfo is not for an API to consume. It's meant for a client to consume.

mniak commented 6 years ago

Please, help me understand the whole picture: Why wouldn't it be appropriate for an API to consume the UserInfo endpoint? How are the APIs supposed to fetch the info about the token's user?

brockallen commented 6 years ago

> Please, help me understand the whole picture:

You will have to spend the time and read the specs, unless you're looking to hire us for consulting.

> How are the APIs supposed to fetch the info about the token's user?

Introspection or the claims are in the token itself.

mniak commented 6 years ago

I am realizing that I shouldn't call the UserInfo endpoint from the API, but rather configure my API's scope to include some of the claims I want to know about.

Thanks
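
The approach settled on in the last comment, sketched as an added example (not code from this thread or from the project): a resource scope in IdentityServer3 lists the claim types to put in the access token, and the API reads them from the validated principal instead of calling UserInfo. The scope name `orders-api`, the claim types and the authority URL are assumptions, and the two classes would live in separate projects.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using IdentityServer3.AccessTokenValidation;
using IdentityServer3.Core.Models;
using Owin;

// IdentityServer3 host: scope definition for the API (hypothetical name).
public static class Scopes
{
    public static IEnumerable<Scope> Get()
    {
        return new List<Scope>
        {
            new Scope
            {
                Name = "orders-api",
                Type = ScopeType.Resource,
                // Claim types added to access tokens issued for this scope,
                // as long as the user service supplies them for the user.
                Claims = new List<ScopeClaim>
                {
                    new ScopeClaim("email"),
                    new ScopeClaim("role")
                }
            }
        };
    }
}

// API host: validate the token, then use the claims it carries.
public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseIdentityServerBearerTokenAuthentication(
            new IdentityServerBearerTokenAuthenticationOptions
            {
                Authority = "https://idsrv.example.test/identity", // placeholder
                RequiredScopes = new[] { "orders-api" }
            });

        app.Use(async (ctx, next) =>
        {
            // Claims come from the access token; no UserInfo call is made.
            ClaimsPrincipal user = ctx.Authentication.User;
            if (user?.FindFirst("email") == null) { ctx.Response.StatusCode = 403; return; }
            await next();
        });
    }
}
```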