Skip to content

/userinfo endpoint missing #563

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bjornharvold opened this issue Jan 1, 2022 · 1 comment
Closed

/userinfo endpoint missing #563

bjornharvold opened this issue Jan 1, 2022 · 1 comment
Assignees
@sjohnr
Labels
status: duplicate A duplicate of another issue

Comments

@bjornharvold
Copy link

I'm not sure whether I should mark this as a feature request or a bug request. I'm also not sure if I a missing something. As this is a new feature, I am trying to figure out how this is done correctly.

Describe the bug
When looking at the openid-configuration document, the userinfo endpoint is not present.

To Reproduce
I've enabled the user info as described in OidcUserInfoTests.java. Specifically:

@Bean
	@Order(Ordered.HIGHEST_PRECEDENCE)
	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http, CorsConfigurationSource corsConfigurationSource) throws Exception {
		final OAuth2AuthorizationServerConfigurer<HttpSecurity> authorizationServerConfigurer =
				new OAuth2AuthorizationServerConfigurer<>();

		authorizationServerConfigurer
				.authorizationEndpoint(authorizationEndpoint ->
						authorizationEndpoint.consentPage(CUSTOM_CONSENT_PAGE_URI)
				);

		final RequestMatcher endpointsMatcher = authorizationServerConfigurer
				.getEndpointsMatcher();

		// Custom User Info Mapper that retrieves claims from a signed JWT
		final Function<OidcUserInfoAuthenticationContext, OidcUserInfo> userInfoMapper = context -> {
			OidcUserInfoAuthenticationToken authentication = context.getAuthentication();
			JwtAuthenticationToken principal = (JwtAuthenticationToken) authentication.getPrincipal();

			return new OidcUserInfo(principal.getToken().getClaims());
		};
		
		http
				.cors().configurationSource(corsConfigurationSource)
				.and()
				.requestMatcher(endpointsMatcher)
				.authorizeRequests(authorizeRequests ->
						authorizeRequests.anyRequest().authenticated()
				)
				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
				.apply(authorizationServerConfigurer)
				.oidc(oidc -> oidc
						.userInfoEndpoint(userInfo -> userInfo
								.userInfoMapper(userInfoMapper)
						)
				);

		return http.build();
	}

Expected behavior
The /userinfo endpoint should be present under the openid_configuration document for external libraries to consume.
@bjornharvold bjornharvold added the type: bug A general bug label Jan 1, 2022
@sjohnr
Copy link
Contributor

sjohnr commented Jan 3, 2022

@bjornharvold, thanks for your interest in the project! I believe this is a duplicate of #488 (though the description does not mention openid-configuration specifically). I'm going to close this as a duplicate for now, but let me know if you feel I've missed anything.

@sjohnr sjohnr closed this as completed Jan 3, 2022
@sjohnr sjohnr self-assigned this Jan 3, 2022
@sjohnr sjohnr added status: duplicate A duplicate of another issue and removed type: bug A general bug labels Jan 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjohnr sjohnr

Labels
status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bjornharvold @sjohnr