The oidc specifications says that when authorization code is used and access token is returned email is returned from UserInfo endpoint and id_token has email when no access token was issued.
The Claims requested by the profile, email, address, and phone scope values are returned from the UserInfo Endpoint, as described in Section 5.3.2, when a response_type value is used that results in an Access Token being issued. However, when no Access Token is issued (which is the case for the response_type value id_token), the resulting Claims are returned in the ID Token.
Can you please extend oidc provider implementation to use userinfo endpoint?
Hello,
The oidc specifications says that when authorization code is used and access token is returned email is returned from UserInfo endpoint and id_token has email when no access token was issued.
Can you please extend oidc provider implementation to use userinfo endpoint?