Replies: 1 comment 2 replies
-
|
I'm afraid I don't follow the question, please make your inquiry clearer. |
Beta Was this translation helpful? Give feedback.
-
|
Openid-connect specification indicates that token_endpoint received in https:...openid-connect-discovery response should be use in the authorization code flow to to exchange the authorization code for id_token. However, openid-client uses userinfo_endpoint instead. userinfo_endpoint is spec'd as being recommened in the https:...openid-connect-discovery response not required. Why does openid-client module depend and use userinfo_endpoint instead of token_endpoint? |
Beta Was this translation helpful? Give feedback.
-
Well, it doesn't? In order to obtain an access token, with which the strategy consumer can opt-in to obtain userinfo response with, an authorization code is exchanged at the token endpoint first. |
Beta Was this translation helpful? Give feedback.
-
Trying to use openid-client with Azure b2c which is not returning userinfo-endpoint in response to https:...openid-connect-discovery-1_0.html. While investigating, I discovered that openid specification authorization code flow is spec'd to use tokeninfo_endpoint not userinfo_endpiont. I don't see any provision in openid-client module to configure this. Why?
Beta Was this translation helpful? Give feedback.
All reactions