Followup: we just tested with the newest release of mod_auth_openidc (2.4.19.3) and the first error message is slightly different now:
Just for Info: I also tried to override the UserInfo Endpoint using
We are using mod_auth_openidc (2.4.19.2) with EntraID. The access token does not have the scope [1] to call the userinfo endpoint (https://graph.microsoft.com/oidc/userinfo). This will lead to unsuccessful and thus unnecessary calls to the userinfo endpoint and also to errors in the logs [2].
My question: Is there a way to suppress calling the userinfo endpoint?
We use "OIDCRemoteUserClaim oid" to have a meaningful user in the logs, but in my understanding that should be taken from the ID Token, not from the Userinfo Endpoint.
These are the relevant OIDC* Settings:
[1] I even tried to add https://graph.microsoft.com/User.Read to the scopes, but this did not work.
[2]