Authlete OAuth endpoint to retrieve claims data

Question

I'm trying to setup an authorization flow with Authlete, but I can't seem to figure out how I retrieve the claim data.

/auth/authorization <- gains me a ticket

/auth/authorization/issue <- allows me to set the claim data and retrieve token

However,

/auth/introspection <- does not return the claim data (just the list of claims)

/auth/userinfo <- does not return the claim data.

What is the endpoint to pass in the auth token and get the claim data?

Answer 1

I guess values of claim should be passed in string. (e.g. "claims": "{\"email\":\"mail@example.com\",\"email_verified\":true}") if not, you cannot retrieve the claim data.

Answer 2

/auth/introspection is an API to get information about an access token. Its response does not include any information about claims.

/auth/userinfo is an API to parse a request to your UserInfo Endpoint from a client application. Its response includes a list of claims whose values you are supposed to retrieve from your database.

The next step you should do is to pass the values of the claims to /auth/userinfo/issue API. The API's response contains a plain JSON or an ID token (which is a kind of JWT). Claim values are included there.

Please check the following open source repositories to see how Authlete APIs are called.

1. java-oauth-server (Authorization Server / OpenID Provider)
2. java-resource-server (Resource Server)
3. authlete-java-common (Wrapper library over Authlete APIs)
4. authlete-java-jaxrs (Utility library for JAX-RS)

You can find an example of UserInfo Endpoint implementation in UserInfoEndpoint.java (in java-resource-server). The UserInfoEndpoint class extends BaseUserInfoEndpoint class (in authlete-java-jaxrs).

Any additional questions are welcome. I'm a co-founder of Authlete and the one who has designed and implemented all the Authlete APIs :-)