1. 技术文章
  2. wso2 identity server oauth userinfo only returns sub

wso2 identity server oauth userinfo only returns sub

自闭症网瘾萝莉.ら 提交于 2019-12-01 01:05:40

It seems the logic to return claims by UserInfo Endpoint for scope openid is only the intersection of claims configure at OIDC file and claims configured in SP level are returned. Based on this logic I was able to solve this problem by following steps.

  1. WSO2 IS default openid scope is bound to set of predefined claims. You can configure this using oidc file found in /_system/config/oidc as in following screenshot.

  2. Say for eg. if you want to get user's email address using openId scope by default it should comes with userInfo endpoint because "email" scheme is set-up by default (see above screenshot)
  3. According to default claims

Look at values of Claim Uri and Mapped Attribute of the email claim at http://wso2.org/oidc/claim dialect

  1. Now you need to add correct http://wso2.org/claims claim which is mapped to the email claim in http://wso2.org/oidc/claim to the SP configuration. You can find it using same Mapped Attribute. i.e. For this example there is a same "Email" claim in http://wso2.org/claims.

  2. Add "Email" claim in http://wso2.org/claims to the SP configuration

Now for the request

curl -k -H "Authorization: Bearer 8b2805a7-5b74-33ee-84df-2a8c53a16f6c" https://localhost:9443/oauth2/userinfo?schema=openid

you would get response

{"sub":"admin@carbon.super","email":"admin@wso2.com"}

The issue you are facing seems to be reported in [1]. Issue is originally reported for IS 5.1.0 and there were some inconsistencies in 5.2.0 release. According to the jira this will be fixed in 5.3.0 release, which is scheduled to release soon.

[1] https://wso2.org/jira/browse/IDENTITY-4250

标签
wso2
wso2is
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!