- Issue created by @davewilly
Microsoft suggest using the email claim from the ID Token and avoiding a call to the Userinfo endpoint.
"The information in an ID token is a superset of the information available on UserInfo endpoint. Because you can get an ID token at the same time you get a token to call the UserInfo endpoint, we suggest getting the user's information from the token instead of calling the UserInfo endpoint. Using the ID token instead of calling the UserInfo endpoint eliminates up to two network requests, reducing latency in your application." - https://learn.microsoft.com/en-us/azure/active-directory/develop/userinf...
In terms of my use case; we will be getting extended user data from a Web API post authN/authZ, so for the purpose of login, we require only a call to /token endpoint to retrieve id_token (to log user in), access_token and refresh_token (for use later with Web API).
Active
1.0
Code