You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In our setup we authenticate in OP with specified resource parameter to get an access token suited for particular audience. But the OP does not allow to use such tokens for userinfo endpoint — and it seems correct since the audience is an external API, not the OP itself.
The OP documentation suggests to use id_token claims instead of userinfo endpoint in this case.
Is it possible to add an option do disable userinfo request? Or maybe disable it implicitly if Resources is supplied.
The text was updated successfully, but these errors were encountered:
Hi and thanks for this library!
In our setup we authenticate in OP with specified
resource
parameter to get an access token suited for particular audience. But the OP does not allow to use such tokens for userinfo endpoint — and it seems correct since the audience is an external API, not the OP itself.The OP documentation suggests to use
id_token
claims instead of userinfo endpoint in this case.Is it possible to add an option do disable userinfo request? Or maybe disable it implicitly if
Resources
is supplied.The text was updated successfully, but these errors were encountered: