OpenAM - 使用 OAuth2 访问令牌获取用户详细信息? [英] OpenAM - Use OAuth2 Access Token to get User Details?

问题描述

是否可以使用 OAuth 2 访问令牌从 ForgeRock 的 OpenAM 获取用户详细信息(属于资源所有者的属性)?

Is it possible to get user details (attributes belonging to the resource owner) from ForgeRock's OpenAM using an OAuth 2 access token?

我有一个受信任的 SPA UI，它能够使用资源所有者密码凭据授予类型从 OpenAM 获取访问令牌.但是，该访问令牌没有提供有关资源所有者的任何信息.token_info 端点同样没有给我任何信息.

I have a trusted SPA UI that is able to get an access token from OpenAM using the Resource Owner Password Credentials Grant type. However, that access token gives me no information about the resource owner. The token_info endpoint similarly gives me no information.

OpenAM 似乎有 用于列出用户属性的端点，但需要 JWT 作为请求的身份验证方式.

OpenAM seems to have endpoints for listing user attributes, but expects a JWT as means of authentication for the request.

如何从访问令牌中获取用户属性?

How can I get user attributes from an access token?

推荐答案

有一个 userinfo 端点将返回用户属性.在 OpenAM 13.0 中，端点返回的数据是可编写脚本的.在之前的版本中，它被映射到范围.

There is a userinfo endpoint that will return user attributes. In OpenAM 13.0, the data returned by the endpoint is scriptable. In prior versions it is mapped to scopes.

示例客户端应用程序有助于理解其工作原理:

The sample client application is helpful to understand how this works:

https://github.com/ForgeRock/openid

这篇关于OpenAM - 使用 OAuth2 访问令牌获取用户详细信息?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！