# ory-network
h
Hi 👋 We’re evaluating Ory Network to be used as an identity provider for an existing system. I’m trying to run an OAuth2 authentication flow, but have a problem with reliably getting an email in the ID token JWT and in the `/userinfo` response. Will post the details in the thread.
I have an OAuth2 client configured with `email` scope among others. I’m running the following simple scenario:
• run `ory perform authorization-code --scope openid,email …`
• check the contents of `ID TOKEN` returned
• call `/userinfo` with `ACCESS TOKEN`

On the first attempt I’m presented with a consent screen, where I give my consent for the requested scopes and check “Remember my decision”. As a result, I can get `email` and `email_verified` claims from both the ID token, and `/userinfo` output. 👍

On the second attempt the consent screen is skipped, as expected, but both ID token and `/userinfo` output do not have anything `email` related. 😭

In another thread about getting more data in `/userinfo` about a month ago @high-optician-2097 mentioned that a fix is coming. Has it landed already? If yes, should I file a bug report (to what project: network or hydra)? If not, is there an issue to track, or at least some ETA?
h
That’s quite strange and potentially a bug in our consent implementation. So you’re saying:
1. You perform an authorization code flow and accept the openid scope
2. Everything works as expected
3. You re-run the authorization code flow, the consent is skipped
4. You do not get an ID token, userinfo does not work

Is that correct?
h
1. In the auth flow I accept every scope, namely `openid` and `email`
2. correct
3. correct
4. I do get ID and Auth tokens, but the ID token and `/userinfo` response no longer have `email` and `email_verified` claims.
h
oh, i see
here too - could you create an issue in ory/network? that way we can track progress on the bug fix 🙂
h
Ok, will do.
h
👍
h
epic ty