Unauthorized access 401 while requesting openid userinfo endpoint on ADFS server

Sachin Jose

I'm trying to access the OpenID userinfo endpoint for a user on ADFS (not hybrid), with the following request using the WebClient API:

Code:
using System.Net;
using System.Text;

//accessToken variable contains access token data
string userInfoURL = "https://[base-server-url]/userinfo";
Uri userInfoUri = new Uri(userInfoURL);
WebClient client = new WebClient();
// Bearer token goes in the Authorization request header
client.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + accessToken);
byte[] userInfoBytes = client.DownloadData(userInfoUri);
string response = Encoding.UTF8.GetString(userInfoBytes);

I have successfully created a new Application Group with a Server Application as well as a Web API and the OpenID Connect protocol. The client permission is checked with the openid option. The Relying Party identifier is the same GUID as the Client ID of the Server Application.

I have included {"scope", "openid"} during the access token request. I am not looking for custom token details, but only details from the openid scope. As per my research only the 'sub' value is accessible in this request. I would like to proceed with that.

While considering the access token and OAuth authentication process, there is no issue with the access token and related procedures. But the userinfo endpoint access fails.

The response fails with '401' Unauthorized error.

Event logs from the ADFS server are listed below:

(1)Received request with following properties:

Code:
Date: 2020-07-16 09:48:38
Remote endpoint: remote-ip(Not disclosing details)
Local endpoint: local-ip(Not disclosing details)
Http method: GET
Request Url: /adfs/userinfo
Query string: ?access_token=eyJ0eXAiOi....(Not disclosing details)
Local Port: 443
User agent string: -
Body data length: 0
Caller Identity: -
Certificate Identity: -
Relying Party: -
Through proxy: False
Proxy name: -
Serialized Header: {"Host":"[host-name(Not disclosing details)]","X-MS-Endpoint-Absolute-Path":"/adfs/userinfo"}

(2)Following request context headers present:

Code:
X-MS-Client-Application: -
X-MS-Client-User-Agent: -
client-request-id: -
X-MS-Endpoint-Absolute-Path: /adfs/userinfo
X-MS-Forwarded-Client-IP: -
X-MS-Proxy: -
X-MS-ADFS-Proxy-Client-IP: -

(3)UserInfoListener.ParseRequest: Cannot find access token in the request.

Code:
(4)Sending response at time: '2020-07-16 09:48:38' with StatusCode: '401' and StatusDescription: 'Unauthorized'.
Response headers set: {"WWW-Authenticate":"Bearer error=\"invalid_token\", error_description=\"MSIS9923: Received invalid UserInfo request. Access token is not present in the request. The access token needs to be carried in Authorization Request Header Field or Form-Encoded Body Parameter.\"","Content-Type":"text/html; charset=utf-8"}

(5)UserInfoListener.WriteErrorResponse: The UserInfo endpoint meets error when process the request. Writing error response.

I appreciate any advice.
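Log entry (3) and the MSIS9923 description above state the rule ADFS applies: the token is looked for in the Authorization request header or in a form-encoded body parameter, and the request that arrived carried it only in the query string with no Authorization header in the serialized headers. The following is an added example, not code from the original post or from ADFS itself: a small Python model of that bearer-token transport rule (RFC 6750 sections 2.1 and 2.2 accepted, query-string transport rejected), run over three constructed requests. The token table, the 'sub' value and the host name are placeholders standing in for real JWT validation.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs


@dataclass
class Request:
    """A captured HTTP request reduced to the fields the userinfo check needs."""
    method: str
    path: str
    query: str = ""                      # raw query string without the leading '?'
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


# Constructed stand-in for real token validation (signature, audience, expiry).
# A real userinfo endpoint verifies the JWT; here one known opaque value maps to a 'sub'.
KNOWN_TOKENS = {"constructed-access-token": "constructed-sub-value"}

FORM = "application/x-www-form-urlencoded"


def _header(req: Request, name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for key, value in req.headers.items():
        if key.lower() == name.lower():
            return value
    return None


def extract_bearer_token(req: Request) -> Tuple[Optional[str], str]:
    """Locate the bearer token the way the ADFS log describes.

    Returns (token, source) where source is 'header', 'body' or 'none'.
    A token that appears only in the query string is deliberately ignored,
    which is exactly the case the MSIS9923 error reports.
    """
    auth = _header(req, "Authorization")
    if auth is not None:
        scheme, _, credential = auth.strip().partition(" ")
        if scheme.lower() == "bearer" and credential.strip():
            return credential.strip(), "header"
        return None, "none"            # present but not a usable Bearer credential

    content_type = (_header(req, "Content-Type") or "").split(";")[0].strip().lower()
    if req.method.upper() == "POST" and content_type == FORM:
        values = parse_qs(req.body.decode("utf-8")).get("access_token", [])
        if len(values) == 1 and values[0]:
            return values[0], "body"

    return None, "none"


def handle_userinfo(req: Request) -> Tuple[int, Dict[str, str], Dict[str, str]]:
    """Return (status, response headers, JSON body) for a userinfo request."""
    token, source = extract_bearer_token(req)
    if token is None:
        # Same shape as the 401 in the log: a WWW-Authenticate challenge and no claims.
        hint = " (token present only in the query string)" if "access_token=" in req.query else ""
        challenge = ('Bearer error="invalid_token", '
                     f'error_description="Access token is not present in the request{hint}."')
        return 401, {"WWW-Authenticate": challenge}, {}
    sub = KNOWN_TOKENS.get(token)
    if sub is None:
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}, {}
    # With only the openid scope, 'sub' is the claim the endpoint returns.
    return 200, {"Content-Type": "application/json"}, {"sub": sub, "token_source": source}


# Constructed sample requests: the failing shape from the log, then the two accepted shapes.
QUERY_ONLY = Request("GET", "/adfs/userinfo", query="access_token=constructed-access-token",
                     headers={"Host": "adfs.example.test"})
HEADER = Request("GET", "/adfs/userinfo",
                 headers={"Host": "adfs.example.test",
                          "Authorization": "Bearer constructed-access-token"})
FORM_BODY = Request("POST", "/adfs/userinfo",
                    headers={"Host": "adfs.example.test", "Content-Type": FORM},
                    body=b"access_token=constructed-access-token")


if __name__ == "__main__":
    for name, req in (("query-only", QUERY_ONLY), ("header", HEADER), ("form-body", FORM_BODY)):
        status, headers, body = handle_userinfo(req)
        print(f"{name:10s} -> {status} {headers} {body}")
```

The useful comparison is between the request the client code builds and the one ADFS logged in entry (1): the code adds an Authorization header, but the Serialized Header field lists only Host and X-MS-Endpoint-Absolute-Path, and the token shows up in the query string instead. Capturing the request as it actually leaves the client (a network trace or a logging proxy) and confirming the Authorization header is present on the final request to /adfs/userinfo is the first thing to check before looking at the application group configuration.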
