So I have began practicing and using Identity Server 4, my goal is to have an authentication and authorization server for all the applications within my organization. I got to the point where I can log in correctly to my identity server from a third application and get my access_token and it works nicely.
The second step is to get my userinfo inside my access_token but when I decode it I get this:
{
"nbf": 1505250392,
"exp": 1505253992,
"iss": "http://localhost:5000",
"aud": [
"http://localhost:5000/resources",
"SecretAPIEndpoints"
],
"client_id": "SecretClient",
"sub": "ebf3fcad-6ab3-4bcd-88ce-0c5794ebdffa",
"auth_time": 1505250391,
"idp": "local",
"scope": [
"openid",
"SecretAPIEndpoints"
],
"amr": [
"pwd"
]
}
So if I use this token I can make my endpoints work correctly but I want to get it one step further and get my SPA to show my user first name and last name and also their email and roles.
I haven't found documentation or examples to make this happen, so any bit of help would be greatly appreciated.
If you want to consume identity data in JS-based client app, ask for an id_token in addition to an access token.
https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth