Make /userinfo call optional and allow use of email claim from id_token

Created on 4 April 2023, over 1 year ago
Updated 25 September 2023, 10 months ago

Problem/Motivation

Microsoft suggest using the email claim from the ID Token and avoiding a call to the Userinfo endpoint.
"The information in an ID token is a superset of the information available on UserInfo endpoint. Because you can get an ID token at the same time you get a token to call the UserInfo endpoint, we suggest getting the user's information from the token instead of calling the UserInfo endpoint. Using the ID token instead of calling the UserInfo endpoint eliminates up to two network requests, reducing latency in your application." - https://learn.microsoft.com/en-us/azure/active-directory/develop/userinf...

In terms of my use case, we will be getting extended user data from a Web API post authN/authZ, so for the purpose of login, we require only a call to the /token endpoint to retrieve the id_token (to log the user in), access_token and refresh_token (for use later with the Web API).

Proposed resolution

  • Add support to omit a call to userinfo/graph
  • Add support to use "email" claim from ID Token

✨ Feature request

Status

Active

Version

1.0

Component

Code

Created by

🇬🇧 United Kingdom davewilly
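The resolution proposed in the issue, as an added example (not code from the issue or from the module): the ID token's standard claims are checked, the "email" claim is used when present, and the Userinfo request is made only as an optional fallback. The names `login_email`, `make_token`, `verify_sig` and `fetch_userinfo` are hypothetical, and signature verification is assumed to be supplied by the caller's JOSE library through `verify_sig`.

```python
import base64
import json
import time

def _b64url(seg):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def login_email(id_token, issuer, client_id, nonce, verify_sig,
                fetch_userinfo=None, now=None):
    """Return (email, source). Hypothetical helper, not the module's API."""
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    header = json.loads(_b64url(header_b64))
    # Assumption: verify_sig checks the JWS signature against the provider's keys.
    signing_input = f"{header_b64}.{payload_b64}".encode()
    if not verify_sig(header, signing_input, _b64url(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url(payload_b64))
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if client_id not in aud:
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    email = claims.get("email")
    if isinstance(email, str) and email:
        return email, "id_token"      # no Userinfo request is made
    if fetch_userinfo is not None:    # optional fallback, only when configured
        return fetch_userinfo().get("email"), "userinfo"
    return None, "none"

def make_token(claims):
    """Constructed sample token; the signature segment is a placeholder."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = json.dumps({"alg": "RS256", "typ": "JWT"}).encode()
    return ".".join([enc(header), enc(json.dumps(claims).encode()), enc(b"sig")])
```
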
