访问令牌没有 openid 范围 [英] Access token does not have the openid scope

问题描述

我正在做 sso 示例(travelocity.com)示例.当我尝试使用此命令通过 oauth 访问令牌访问用户信息时，

I am doing sso sample(travelocity.com) example. When I am trying to access user info with oauth access token using this command,

curl -k -H "授权:承载 b68ba941c9da3d2644d8a63154d28"https://localhost:9443/oauth2/userinfo?schema=openid

curl -k -H "Authorization: Bearer b68ba941c9da3d2644d8a63154d28" https://localhost:9443/oauth2/userinfo?schema=openid

出现以下错误

{"error":"insufficient_scope","error_description":"访问令牌没有 openid 范围"}

{"error":"insufficient_scope","error_description":"Access token does not have the openid scope"}

请帮忙，谢谢

推荐答案

当您向授权端点发出第一个请求时，您必须在 scope 中包含 openid请求参数.OpenID Connect Core 1.0、3.1.2.1.身份验证请求如下所示.

When you make the first request to the authorization endpoint, you have to include openid in the scope request parameter. OpenID Connect Core 1.0, 3.1.2.1. Authentication Request says as follows.

范围

需要.OpenID Connect 请求必须包含 openid 范围值.如果 openid 范围值不存在，则行为完全未指定.可能存在其他范围值.应用程序不理解的范围值应该被忽略.有关本规范定义的其他范围值，请参阅第 5.4 节和第 11 节.

REQUIRED. OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored. See Sections 5.4 and 11 for additional scope values defined by this specification.

这篇关于访问令牌没有 openid 范围的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！