问题
I have implemented oAuth2 Implicit grant flow using IWebBrowser2 control, the authentication dialog box appears from openAM I have entered user name and password it give me access token. But how my application knows which user name is authenticated, I need this user name to be validated from my database also?
回答1:
If you request the "openid" scope you will get an access token along with a JWT token called "id_token". The JWT contains the user name.
You can also use the access token to call out to the userinfo endpoint - which will return a json response with the username.
See http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/admin-guide/index/chap-openid-connect.html#openam-openid-implicit-client-profile
For more details.
There is a sample application that comes with the OpenAM source code. See https://wikis.forgerock.org/confluence/display/openam/OAuth+2.0%3A+Get+Started+with+the+Demo+Client for information on how to install it.
来源:https://stackoverflow.com/questions/21574101/openam-implict-grant-flow-username