I am using the sample application available with IdentityServer4 : Quickstart6_AspNetIdentity.sln
Using the ro.client, I am able to get the token.

But when I am using the same token to get the userinfo, I am getting a 403 Forbidden error in the same sample, using the sample as it is.
I don't know if it is a bug or I am missing something in the parameters. I am following all the parameters as mentioned in the document:
https://identityserver4.readthedocs.io/en/release/endpoints/userinfo.html
Got this one working. Was missing the scope = openid.
I got the same issue, 403:
Bearer token found in header
dbug: IdentityServer4.Endpoints.UserInfoEndpoint[0]
Token found: AuthorizationHeader
trce: IdentityServer4.Validation.TokenValidator[0]
Start access token validation
fail: IdentityServer4.Validation.TokenValidator[0]
Checking for expected scope openid failed
{
  "ValidateLifetime": true,
  "AccessTokenType": "Jwt",
  "ExpectedScope": "openid",
  "Claims": {
    "nbf": 1497450527,
    "exp": 1497457727,
    "iss": "http://localhost:44314",
    "aud": [
      "http://localhost:44314/resources",
      "cvan"
    ],
    "client_id": "backend_web",
    "sub": "ea741559-1398-4d53-ba69-32ce504f95df",
    "auth_time": 1497450527,
    "idp": "local",
    "openid": "ea741559-1398-4d53-ba69-32ce504f95df",
    "email": "[email protected]",
    "phonenumber": "1234567890",
    "scope": [
      "cvan",
      "offline_access"
    ],
    "amr": "password"
  }
}
fail: IdentityServer4.Endpoints.UserInfoEndpoint[0]
insufficient_scope
trce: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking result: IdentityServer4.Endpoints.Results.ProtectedResourceErrorResult
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 171.3543ms 403
dbug: Microsoft.AspNetCore.Server.Kestrel[9]
Connection id "0HL5J66K317FR" completed keep alive response.
Any suggestions please?
As the error suggests: Checking for expected scope openid failed.
When requesting the token you need to add the openid scope... then it should work.
Yes, but I think the problem here is that you didn't say where or how to add it.
@jitheshts You need to add them both in the client request for login (in the body as scope=values) and in the Client definition on the server side (AllowedScopes).
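For anyone landing here, the two places the reply above refers to, as an added example that is not part of the quickstart or of anyone's post in this thread. It assumes the quickstart's client name ro.client and secret "secret", an API resource named api1, an authority URL passed in by the caller, and Newtonsoft.Json for reading the token response; adjust those to your own setup. The logged token in this thread has "scope": ["cvan", "offline_access"], so the userinfo endpoint's ExpectedScope check for openid fails and the endpoint answers 403 insufficient_scope; both the server-side AllowedScopes and the scope parameter of the password-grant request have to contain openid for that check to pass.

```csharp
// Added example: where "openid" must appear so that an access token obtained with
// the resource owner password grant is accepted by /connect/userinfo.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using IdentityServer4.Models;

public static class Config
{
    // Server side: the "openid" scope only exists if the OpenId identity resource
    // is registered; Profile adds the usual profile claims to userinfo.
    public static IEnumerable<IdentityResource> GetIdentityResources() =>
        new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };

    // Assumed API resource name "api1" (quickstart convention).
    public static IEnumerable<ApiResource> GetApiResources() =>
        new List<ApiResource> { new ApiResource("api1", "My API") };

    public static IEnumerable<Client> GetClients() =>
        new List<Client>
        {
            new Client
            {
                ClientId = "ro.client",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                ClientSecrets = { new Secret("secret".Sha256()) },
                // Without "openid" here the token request itself is rejected with
                // invalid_scope when the client asks for it; without "openid" in the
                // request below the token is issued but /connect/userinfo returns 403.
                AllowedScopes = { "openid", "profile", "api1" }
            }
        };
}

public static class UserInfoDemo
{
    // Client side: password-grant request with openid in the scope parameter,
    // then the userinfo call with the resulting bearer token.
    public static async Task<string> GetUserInfoAsync(
        HttpClient http, string authority, string user, string password)
    {
        var tokenResponse = await http.PostAsync($"{authority}/connect/token",
            new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "password",
                ["client_id"] = "ro.client",
                ["client_secret"] = "secret",
                ["username"] = user,
                ["password"] = password,
                // "openid" is the part that was missing in the thread's token;
                // it must also be in the client's AllowedScopes above.
                ["scope"] = "openid profile api1"
            }));
        tokenResponse.EnsureSuccessStatusCode();
        var json = await tokenResponse.Content.ReadAsStringAsync();
        // Assumes Newtonsoft.Json is referenced (the quickstart already uses it).
        var accessToken = (string)Newtonsoft.Json.Linq.JObject.Parse(json)["access_token"];

        var request = new HttpRequestMessage(HttpMethod.Get, $"{authority}/connect/userinfo");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        var userInfo = await http.SendAsync(request);
        // A 403 here means the token's scope claim does not contain "openid".
        userInfo.EnsureSuccessStatusCode();
        return await userInfo.Content.ReadAsStringAsync();
    }
}
```

If you want to confirm which side is wrong before changing anything, decode the access token's payload (the middle base64url segment of the JWT) and look at its scope array, exactly as the TokenValidator log above does: a token that was issued without openid will not gain it by being re-sent, so the fix is always at issuance time, not at the userinfo call.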