5
votes

I'm testing out IdentityServer4, going through the documentation in order to learn more about OAuth2, OpenId Connect and Claim-based authentication, all of which I'm new at. However, some of the example code behaves weirdly and I can't figure out why...

So from my understanding, when given permission to access user data, the client can reach out to the UserInfo endpoint, which contains data such as claims, etc.

In IdentityServer4 there's even a setting

GetClaimsFromUserInfoEndpoint

that the documentation recommends we set to true.

So I'm following the IdentityServer4 startup guides and everything works perfectly until a point. This Quickstart contains the example code provided, although I'm assuming that I'm missing something obvious and seeing the code is not required.

Based on the openId Configuration page of the running server, the userinfo endpoint is located at http://localhost:5000/connect/userinfo and when I try to access it via the browser I'm seeing a navbar which claims I'm logged in, but the body of the page is a signin prompt. Looks weird but I'm assuming that this is because I'm logged in at localhost:5000 (IdentityServer4), but I'm not sending the userId token which I got for the client on localhost:5002.

So I wrote the following code on my client app:

    public async Task<IActionResult> GetData()
    {
        // Access token the OpenID Connect handler stored at sign-in
        // (GetTokenAsync only returns it when the handler saved the tokens).
        var accessToken = await HttpContext.Authentication.GetTokenAsync("access_token");
        HttpClient client = new HttpClient();
        client.SetBearerToken(accessToken); // IdentityModel extension: sets "Authorization: Bearer <token>"

        var userInfo = await client.GetStringAsync("http://localhost:5000/connect/userinfo");

        return Content(userInfo);
    }

Here I know that GetTokenAsync("access_token") should work as it's used in other places in the example project by the client app that connects to an API. However, the response I'm getting is again the layout page of IdentityServer and a log in prompt.

Any idea what my mistake is and how to access the UserInfo endpoint?

Edit: removed thread-blocking so that I don't show strangers shameful test code

Ok, so it turns out that this code should have a simplified version, namely:

    UserInfoClient uic = new UserInfoClient("http://localhost:5000", idToken);
    var result = await uic.GetAsync();

    return Content(JsonConvert.SerializeObject(result.Claims));

Yet, the problem persists, even the encapsulated code inside UserInfoClient hits the brick wall of "no user endpoint data, just the layout for the example website".

1
Ok, I have faced the same issue today, and in my case the access_token I've got was wrong. I've got a valid token using HttpContext.Authentication.GetAuthenticateInfoAsync("oidc") execution. - valverde93
Ok, I have version control so I know I literally changed nothing, but now it works. I changed the flow from HybridWithClientCredentials to Hybrid, but even when I return it back to HybridWithClientCredentials GetStringAsync works as it should. Meanwhile the UserInfoClient still has this bug. I'm very confused... - nikovn
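The exchange the question is about, as an added example that is not part of the question or of the IdentityServer4 quickstart: a client action that sends the access token (not the id_token, which is what the UserInfoClient attempt above passes) as a bearer token to the userinfo endpoint, then inspects the status code, the WWW-Authenticate challenge and the content type before treating the body as a claim set, so that a sign-in page or a 401 is reported rather than handed back to the caller as "user info". It assumes ASP.NET Core 2.1 or later (HttpContext.GetTokenAsync from Microsoft.AspNetCore.Authentication, IHttpClientFactory registered with services.AddHttpClient()) and an OpenID Connect handler configured with SaveTokens = true; the controller name and the Truncate helper are hypothetical.

```csharp
// Added example, not from the question or the IdentityServer4 quickstart.
// Assumes ASP.NET Core 2.1+, services.AddHttpClient() in Startup, and an
// AddOpenIdConnect(...) handler with options.SaveTokens = true so the access
// token is stored in the authentication cookie. Endpoint URL is the one the
// question read from the discovery document.
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class UserInfoController : Controller   // hypothetical name
{
    private const string UserInfoEndpoint = "http://localhost:5000/connect/userinfo";
    private readonly IHttpClientFactory _httpClientFactory;

    public UserInfoController(IHttpClientFactory httpClientFactory)
    {
        _httpClientFactory = httpClientFactory;
    }

    public async Task<IActionResult> GetData()
    {
        // The userinfo endpoint is protected by the *access* token; an id_token is
        // not accepted there. GetTokenAsync returns null unless SaveTokens = true.
        var accessToken = await HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(accessToken))
        {
            return StatusCode(500, "No access_token in the authentication properties; set options.SaveTokens = true on the OIDC handler.");
        }

        var client = _httpClientFactory.CreateClient();
        var request = new HttpRequestMessage(HttpMethod.Get, UserInfoEndpoint);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        // SendAsync (unlike GetStringAsync) does not throw on non-2xx, so the
        // status code and headers can be inspected.
        var response = await client.SendAsync(request);

        // 401 + "WWW-Authenticate: Bearer error=..." means the endpoint was reached
        // but rejected the token (expired, wrong audience, no "openid" scope, or an
        // id_token was sent instead of an access token).
        if (response.StatusCode == HttpStatusCode.Unauthorized)
        {
            var challenge = response.Headers.WwwAuthenticate.ToString();
            return StatusCode(401, $"userinfo rejected the token: {challenge}");
        }

        var body = await response.Content.ReadAsStringAsync();
        var mediaType = response.Content.Headers.ContentType?.MediaType;

        // A correct answer is 200 + application/json. HTML here means the request
        // never reached the protocol endpoint: wrong URL, or HttpClient followed a
        // redirect to the login UI (RequestMessage.RequestUri is the final URL).
        if (!response.IsSuccessStatusCode || mediaType != "application/json")
        {
            return StatusCode((int)response.StatusCode,
                $"Unexpected {(int)response.StatusCode} {mediaType} response from " +
                $"{response.RequestMessage.RequestUri}; body starts with: {Truncate(body)}");
        }

        return Content(body, "application/json");
    }

    // Keeps diagnostic output short; hypothetical helper.
    private static string Truncate(string s) => s.Length <= 120 ? s : s.Substring(0, 120) + "...";
}
```

When the final request URI differs from the endpoint, the handler followed a redirect, which is what an HTML sign-in page in the body indicates; to see the original 302 instead, register a named client with `AllowAutoRedirect = false` on its HttpClientHandler. A 401 with a bearer challenge is the endpoint working as designed and points at the token, not at the client code.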

1 Answer

-1
votes

It's probably a little late to answer, but for anyone who is still stumbling upon this, try this:

    // The userinfo endpoint expects the access token as a bearer token.
    var accessToken = await HttpContext.Authentication.GetTokenAsync("access_token");

    // IdentityModel's UserInfoClient takes the full endpoint URL, and the
    // token is passed to GetAsync rather than to the constructor.
    var userInfoClient = new UserInfoClient("http://localhost:5000/connect/userinfo");

    var response = await userInfoClient.GetAsync(accessToken);
    var claims = response.Claims;

You can also get the list of claims on the client app like -

var claims = HttpContext.User.Claims.ToList();

without calling the endpoint.
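Both approaches in the answer depend on how the OpenID Connect handler is configured on the client, which the answer does not show: GetTokenAsync("access_token") only returns a token when the handler saved it, and HttpContext.User only carries userinfo claims when the handler fetched and mapped them at sign-in. The following added example (not the answer's code and not the quickstart's) puts that configuration beside both call styles, using the current IdentityModel API in which UserInfoClient has been replaced by the GetUserInfoAsync extension on HttpClient. It assumes ASP.NET Core 2.1 or later and IdentityModel 3.x or later; the client id, secret, scopes, the "website" claim mapping and the ClaimsController are assumptions modelled on the question's localhost:5000 setup.

```csharp
// Added example, not part of the answer or of the IdentityServer4 quickstart.
// Assumes ASP.NET Core 2.1+ and IdentityModel 3.x+ (UserInfoRequest /
// GetUserInfoAsync). Authority, client id, secret and scopes are assumptions
// matching the question's localhost:5000 setup; ClaimsController is hypothetical.
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Newtonsoft.Json;

public static class OidcClientSetup
{
    // Call from Startup.ConfigureServices.
    public static void AddOidcClient(IServiceCollection services)
    {
        services.AddHttpClient();

        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false; // localhost development only
                options.ClientId = "mvc";             // assumed client registration
                options.ClientSecret = "secret";
                options.ResponseType = "code id_token";
                options.Scope.Add("openid");
                options.Scope.Add("profile");

                // Approach 1 (live userinfo call) needs the access token later:
                // SaveTokens stores access/id/refresh tokens in the auth cookie,
                // which is what makes HttpContext.GetTokenAsync return a value.
                options.SaveTokens = true;

                // Approach 2 (HttpContext.User.Claims) needs the handler to call
                // /connect/userinfo once at sign-in and merge the result into the
                // cookie principal. Only claims with a ClaimAction mapping survive.
                options.GetClaimsFromUserInfoEndpoint = true;
                options.ClaimActions.MapJsonKey("website", "website");
            });
    }
}

[Authorize]
public class ClaimsController : Controller   // hypothetical
{
    private readonly IHttpClientFactory _factory;

    public ClaimsController(IHttpClientFactory factory) => _factory = factory;

    // Approach 1: fresh claims from the endpoint using the current access token.
    public async Task<IActionResult> FromEndpoint()
    {
        var accessToken = await HttpContext.GetTokenAsync("access_token");
        var client = _factory.CreateClient();

        var response = await client.GetUserInfoAsync(new UserInfoRequest
        {
            Address = "http://localhost:5000/connect/userinfo",
            Token = accessToken
        });

        // IsError covers transport failures and a 401 from the endpoint alike;
        // a non-JSON (for example HTML) body never reaches Claims.
        if (response.IsError)
        {
            return StatusCode(502, $"userinfo failed: {response.Error}");
        }

        var claims = response.Claims.Select(c => new { c.Type, c.Value });
        return Content(JsonConvert.SerializeObject(claims), "application/json");
    }

    // Approach 2: claims captured into the cookie at sign-in. No round trip,
    // but they stay as they were until the user signs in again.
    public IActionResult FromCookie()
    {
        var claims = HttpContext.User.Claims.Select(c => new { c.Type, c.Value });
        return Content(JsonConvert.SerializeObject(claims), "application/json");
    }
}
```

SaveTokens puts the access and refresh tokens inside the (encrypted) authentication cookie, which grows the cookie and means anyone who can decrypt the cookie holds the tokens; enable it only when the client actually calls APIs or the userinfo endpoint on the user's behalf. The cookie-based claims are a snapshot taken at sign-in, so anything that must reflect current state at the identity provider belongs in the live call.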