This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I thought an access token is required to authorize the Userinfo endpoint, but is it an ID token instead of an access token?
When I tried it, authorization failed with the access token, but authorized with the ID token.
In the "Test the policy" chapter it states:
Copy the id_token in its encoded format from the https://jwt.ms website.
But the HTTP request written just below it is shown as an access token
Authorization: Bearer <your access token>
For my use case, I have an OIDC client with a fixed OIDC flow. For example, OIDC authentication for AWS ALB.
Thank you.
Thank you for your post and I apologize for the delayed response!
I understand that when testing the UserInfo endpoint, the instructions mention copying the id_token in its encoded format, which you can then use to submit a GET request, but within the code block it shows Authorization: Bearer <your access token>. Additionally, you were running into issues when using an Access Token but succeeded when using the ID Token.
I've reached out to our B2C product group for clarification on this and will update as soon as possible.
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
Thank you for your reply !
Does the Userinfo endpoint in B2C require an Access token? Is there something wrong with my configuration if the authorization fails with the access token?
@opqrshun
Thank you for your time and patience on this and I apologize for the delayed response!
I received an updated from our B2C product group and you can use both ID and Access Tokens with the UserInfo endpoint.
If you're following the UserInfo endpoint documentation and are having issues testing your policy with the Access Token, can you share any error messages that you're running into?
I hope this helps!
If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.
I'm late to try it, but I was able to access the Userinfo endpoint with the access token.
When getting an access token, I had to specify openid and B2C application ID in the scope.
Then, using the access token obtained with the scope of "openid xxxx-xxxx-xxxx-xxxx", I was able to obtain user data from the Userinfo endpoint.
Although this is a Japanese site, I posted a memo about the Userinfo endpoint settings in Azure AD B2C.
Azure (Azure AD B2C) + AWS (ALB)
https://zenn.dev/opqrshun/articles/aeb59ba5f8160f
Thank you!