I want to authenticate a user's user name and password, and upon success, I want to use the token to get basic user information.
The grant type is Resource Owner Password grant with OpenID Connect.
However, there is a difference in how this is implemented in various identity providers. For example, OneLogin requires two requests to get the basic user information, while Azure AD B2C and IdentityServer4 require one request.
Which implementation is the standard of OpenID Connect? If OneLogin is used for my project, what best practices are available for platform portability?
OneLogin:
First Request:
Getting Token
URL: https://openid-connect.onelogin.com/oidc/token
Ref: https://developers.onelogin.com/openid-connect/api/password-grant
Result:
{
"access_token": "example",
"expires_in": 2313232,
"token_type": "Bearer",
"refresh_token": "example"
}
Second Request:
Getting User Info
URL: https://openid-connect.onelogin.com/oidc/me
Ref: https://developers.onelogin.com/openid-connect/api/user-info
Result:
{
"sub": "123",
"email": "[email protected]",
"preferred_username": "[email protected]",
"name": "My Name",
"updated_at": "2019-03-13T16:11:15Z",
"given_name": "My",
"family_name": "Name"
}
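The two-step flow shown above (token endpoint, then UserInfo endpoint with the bearer access token) is the one OpenID Connect Core itself standardises; the single-request variant works only because those providers also include an `id_token` in the token response when the `openid` scope is requested. The portable way to write a client is therefore to read `token_endpoint` and `userinfo_endpoint` from the provider's discovery document instead of hard-coding vendor paths, always request the `openid` scope, and, when both an `id_token` and a UserInfo response are available, check that their `sub` claims agree before trusting the profile. The following is an added example illustrating that approach; it is not code from the question, from OneLogin, or from any other provider. The issuer `https://idp.example.test`, the `fake_provider` responses, the client credentials and the helper names are all constructed for an offline run; a real client must also verify the `id_token` signature against the provider's `jwks_uri` before using any of its claims.

```python
import base64
import json
from urllib.parse import parse_qsl, urlencode
from urllib.request import Request, urlopen

# Real transport helpers used when no fake callables are injected.
def http_get(url, headers=None):
    with urlopen(Request(url, headers=headers or {}), timeout=10) as resp:
        return resp.read().decode("utf-8")

def http_post(url, body, headers=None):
    req = Request(url, data=body.encode("utf-8"), headers=headers or {}, method="POST")
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def discover(issuer, get=http_get):
    """Load provider metadata so endpoint paths are never hard-coded per vendor."""
    meta = json.loads(get(issuer.rstrip("/") + "/.well-known/openid-configuration"))
    if meta.get("issuer") != issuer:  # OIDC Discovery requires these to match
        raise ValueError("discovery document issuer does not match configured issuer")
    return meta

def jwt_payload(token):
    """Decode a JWT payload WITHOUT verifying the signature. Used here only to
    pull 'sub' for a cross-check; verify against jwks_uri before trusting claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def password_grant_user(issuer, client_id, client_secret, username, password,
                        get=http_get, post=http_post):
    """Resource Owner Password grant followed by the standard UserInfo call."""
    meta = discover(issuer, get)
    body = urlencode({
        "grant_type": "password", "username": username, "password": password,
        "scope": "openid profile email",  # 'openid' makes this an OIDC request
        "client_id": client_id, "client_secret": client_secret,
    })
    tok = json.loads(post(meta["token_endpoint"], body,
                          {"Content-Type": "application/x-www-form-urlencoded",
                           "Accept": "application/json"}))
    if "access_token" not in tok:
        raise PermissionError(tok.get("error", "token request failed"))
    if tok.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: " + str(tok.get("token_type")))
    claims = json.loads(get(meta["userinfo_endpoint"],
                            {"Authorization": "Bearer " + tok["access_token"]}))
    if "id_token" in tok:
        # OIDC Core 5.3.2: the UserInfo 'sub' MUST match the ID Token 'sub'.
        if jwt_payload(tok["id_token"]).get("sub") != claims.get("sub"):
            raise ValueError("UserInfo 'sub' does not match id_token 'sub'")
    return claims

# ---- constructed offline provider for demonstration; not a real IdP ----
ISSUER = "https://idp.example.test"
FAKE_META = {"issuer": ISSUER, "token_endpoint": ISSUER + "/oidc/token",
             "userinfo_endpoint": ISSUER + "/oidc/me", "jwks_uri": ISSUER + "/oidc/certs"}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def fake_id_token(sub):
    """Constructed token with a placeholder signature; for the offline demo only."""
    header = _b64url(json.dumps({"alg": "RS256", "kid": "demo"}).encode())
    payload = _b64url(json.dumps({"iss": ISSUER, "sub": sub, "aud": "my-client"}).encode())
    return f"{header}.{payload}.{_b64url(b'not-a-real-signature')}"

def fake_provider(id_token_sub="123", userinfo_sub="123"):
    """Return (get, post) callables emulating one provider's responses (constructed)."""
    def get(url, headers=None):
        if url.endswith("/.well-known/openid-configuration"):
            return json.dumps(FAKE_META)
        if url == FAKE_META["userinfo_endpoint"]:
            if (headers or {}).get("Authorization") != "Bearer example-access-token":
                return json.dumps({"error": "invalid_token"})
            return json.dumps({"sub": userinfo_sub, "email": "user@example.test",
                               "name": "My Name"})
        raise ValueError("unexpected GET " + url)

    def post(url, body, headers=None):
        form = dict(parse_qsl(body))
        if url != FAKE_META["token_endpoint"] or form.get("grant_type") != "password" \
                or form.get("password") != "correct-horse":
            return json.dumps({"error": "invalid_grant"})
        return json.dumps({"access_token": "example-access-token", "token_type": "Bearer",
                           "expires_in": 3600, "id_token": fake_id_token(id_token_sub)})
    return get, post

if __name__ == "__main__":
    get, post = fake_provider()
    print(password_grant_user(ISSUER, "my-client", "s3cret", "user@example.test",
                              "correct-horse", get, post))
```

Because `password_grant_user` takes the transport as parameters, the same code runs unchanged against OneLogin, Azure AD B2C or IdentityServer4 once `ISSUER` points at the real issuer and the default `http_get`/`http_post` helpers are used; the only provider-specific input is the issuer URL.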