A simple implementation of userinfo endpoint #1201
The way it works is that we create a signed JWT as the access_token (same claims as the ID token). On requesting /userinfo, it verifies the token, checks that it's not expired, etc., and returns the claims in JSON.
IMHO, the full solution should involve the storage to implement similar logic for refresh_token, i.e. serialise the access token and save it in storage and retrieve it upon requesting user info.
Because the access token is opaque to the user, we can later roll in the proper solution without breaking the API.
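The flow described above, as an added sketch that is not the code from this pull request: a signed token carrying the ID-token claims is issued as the access token, and the /userinfo check verifies it and its expiry before returning the claims. Assumptions: HS256 with a constructed key stands in for whatever signing key the server uses, and the names `issueAccessToken` and `userInfo` are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) // the only header accepted

// sign returns base64url(HMAC-SHA256(key, msg)).
func sign(key []byte, msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

// issueAccessToken mints a compact JWT carrying the same claims as the ID token.
func issueAccessToken(key []byte, claims map[string]any) string {
	body, _ := json.Marshal(claims)
	msg := header + "." + b64.EncodeToString(body)
	return msg + "." + sign(key, msg)
}

// userInfo is the /userinfo check: fixed header ("alg" is never read), signature, then exp.
func userInfo(key []byte, token string, now time.Time) (map[string]any, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || p[0] != header || !hmac.Equal([]byte(sign(key, p[0]+"."+p[1])), []byte(p[2])) {
		return nil, fmt.Errorf("invalid token")
	}
	var claims map[string]any
	cb, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(cb, &claims) != nil {
		return nil, fmt.Errorf("invalid claims")
	}
	if exp, ok := claims["exp"].(float64); !ok || now.Unix() >= int64(exp) {
		return nil, fmt.Errorf("token expired")
	}
	return claims, nil
}

func main() { // constructed key and claims, for illustration only
	tok := issueAccessToken([]byte("constructed-demo-key"), map[string]any{"sub": "alice", "exp": 2000})
	fmt.Println(userInfo([]byte("constructed-demo-key"), tok, time.Unix(1000, 0)))
}
```

Because the token is self-contained, nothing here can revoke it before `exp`; that is the gap the storage-backed approach mentioned in the description would close.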
Whoa, @jackielii!
I cannot thank you enough for this, honestly!
I will do exactly that. Thanks, please.