# ory-copilot
I'm working on a React application that integrates with Ory Hydra for user authentication. I'm having trouble with the response structure returned by the OIDC userinfo endpoint. Here's the relevant code and the issue:

React Code:

```typescript
// Import assumed; the post does not show which Ory SDK package is in use.
import { Configuration, OidcApi } from "@ory/client";

const ory = new OidcApi(
  new Configuration({
    basePath: "http://localhost:4444",
  })
);

async function getUserInfo(accessToken: string) {
  console.log("Fetching user info...");
  console.log(accessToken);
  // Call the userinfo endpoint with the access token as a Bearer credential.
  const { data } = await ory.getOidcUserInfo({
    headers: { Authorization: "Bearer " + accessToken },
  });
  console.log(data);
}
```

Problem: The response object I receive has a different structure than what's described in the Ory documentation:

Ory Documentation (https://www.ory.sh/userinfo):

My Json Response Data

```json
{
  "amr": ["password"],
  "aud": ["myclient"],
  "auth_time": 1710237207,
  "iat": 1710308756,
  "iss": "http://localhost:4444",
  "rat": 1710308756,
  "sub": "239b48b8-a87e-4fe3-b90a-023232e5a14b"
}
```

Are there common reasons for this structure mismatch? Could this be caused by incorrect Ory Hydra configuration? Might this be due to a version difference between my Ory Hydra instance and the documentation? Is it possible that customizations on the Ory Hydra side are affecting the response?

@chilly-king-10285
A message from kapa.ai
The structure of the response from the OIDC userinfo endpoint depends on the scopes and claims included in the access token used to call the endpoint. The response will include user attributes specified by the scopes in the access token. It's important to note that the `openid` scope must be one of the access token claims [source](https://www.ory.sh/docs/oauth2-oidc/userinfo-oidc).

The response you're getting seems to be a standard OIDC response, which includes claims like `sub` (subject), `aud` (audience), `auth_time` (authentication time), etc. These are standard claims and their presence in the response is expected.

The mismatch between the response structure and the Ory documentation could be due to several reasons:

1. Scopes and Claims: The scopes and claims included in the access token might not match the ones described in the Ory documentation. Ensure that the access token includes the necessary scopes and claims.
2. Custom Claims: If you have added any custom claims to the userinfo response, they will also be included in the response. Check if any custom claims have been added [source](https://www.ory.sh/docs/oauth2-oidc/userinfo-oidc#adding-custom-claims-to-the-userinfo-response).
3. Ory Hydra Configuration: The configuration of your Ory Hydra instance might be affecting the response structure. Check your Ory Hydra configuration to ensure it matches the requirements described in the Ory documentation.
4. Version Differences: There might be differences between the version of Ory Hydra you're using and the version described in the documentation. Check the version of Ory Hydra you're using and compare it with the version described in the documentation.

Remember, the contents of the userinfo endpoint are publicly available, and should not include any sensitive information without the user's consent [source](https://www.ory.sh/docs/oauth2-oidc/userinfo-oidc#returning-a-signed-jwt-from-the-userinfo-endpoint).
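
As an added example (not code from this thread or from Ory), here is one way to check a userinfo response against the granted scopes, using the standard scope-to-claim mapping from OpenID Connect Core 1.0, section 5.4. The `diagnoseUserinfo` helper and the scope strings are assumptions; the response object is the one posted in the question.

```javascript
// Standard claims each scope may release (OpenID Connect Core 1.0, section 5.4).
const SCOPE_CLAIMS = {
  profile: ["name", "family_name", "given_name", "middle_name", "nickname",
    "preferred_username", "profile", "picture", "website", "gender",
    "birthdate", "zoneinfo", "locale", "updated_at"],
  email: ["email", "email_verified"],
  address: ["address"],
  phone: ["phone_number", "phone_number_verified"],
};

// Claims that describe the token or login session rather than the user profile.
const PROTOCOL_CLAIMS = new Set(["sub", "iss", "aud", "iat", "rat", "exp",
  "auth_time", "amr", "acr", "nonce"]);

// Response copied from the question above.
const THREAD_RESPONSE = {
  amr: ["password"], aud: ["myclient"], auth_time: 1710237207,
  iat: 1710308756, iss: "http://localhost:4444", rat: 1710308756,
  sub: "239b48b8-a87e-4fe3-b90a-023232e5a14b",
};
// Constructed value: the thread does not show which scopes were granted.
const ASSUMED_SCOPE = "openid offline_access";

// Hypothetical helper: compares a userinfo response with the granted scope string.
function diagnoseUserinfo(grantedScope, userinfo) {
  const scopes = new Set(String(grantedScope || "").split(/\s+/).filter(Boolean));
  const present = new Set(Object.keys(userinfo));
  const report = { hasOpenid: scopes.has("openid"), hasSub: present.has("sub"),
    scopes: {}, unrequested: [], custom: [] };
  for (const [scope, claims] of Object.entries(SCOPE_CLAIMS)) {
    const found = claims.filter((c) => present.has(c));
    if (scopes.has(scope)) {
      // Absent claims are legal (the provider may omit them); they usually mean
      // the claim was never supplied for this session.
      report.scopes[scope] = { found, absent: claims.filter((c) => !present.has(c)) };
    } else if (found.length > 0) {
      // Profile data released without its scope being granted: over-disclosure.
      report.unrequested.push(...found);
    }
  }
  const standard = new Set(Object.values(SCOPE_CLAIMS).flat());
  report.custom = [...present].filter((c) => !standard.has(c) && !PROTOCOL_CLAIMS.has(c));
  return report;
}

console.log(JSON.stringify(diagnoseUserinfo(ASSUMED_SCOPE, THREAD_RESPONSE), null, 2));
```

With only `openid` granted, the report has no per-scope entries, which matches a response made up solely of protocol claims; a non-empty `unrequested` list is the case worth alerting on.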