Reputation: 2122
I've been stuck on this issue for a while now. I'm using ADAL.js on the front-end to handle login and authentication. Once logged in, I need to get the info for the user (roles, groups, name, etc.); however, I can't get anything back from the /adfs/userinfo endpoint other than a 401.
So far I log the user in and get back an id_token and access token (or "adal.access.token.key{guid}" in the browser) which is identical to the access key. Due to a CORS issue on the front-end, I then send this to a back-end MVC Core 2.2 controller to make the call to /adfs/userinfo, which is where I get the 401. JavaScript code below:
    this.adalAuthentication.Instance.acquireToken(this.adalAuthentication.Instance.config.clientId, (error, token) => {
        if (error || !token) {
            console.log('ADAL Error Occurred: ' + error);
            return;
        }
        axios({
            method: 'get',
            url: '/identity/completeLogin/' + token,
            headers: {
                'Authorization': 'Bearer ' + token
            }
        }).then((response) => { console.log(response.data) });
    });
And controller action...
    [HttpGet("completeLogin/{access_token}")]
    public async Task<HttpResponseMessage> CompleteLogin(string access_token)
    {
        var client = new HttpClient();
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("OAuth" + access_token);
        var response = await client.GetAsync("https://adfs.server/adfs/userinfo");
        response.EnsureSuccessStatusCode();
        try
        {
            response.Content.Headers.ContentType = new MediaTypeHeaderValue("text/html");
            return response;
        }
        catch (Exception e)
        {
            throw(e);
        }
    }
At this point I'm stumped. I'm thinking I either can't use ADAL for this or perhaps need to use OIDC instead of OAuth/JWT, but I don't want to have to rewrite lots just to find out that doesn't work either or there's a better/best practice way of doing it. Has anyone had this issue before and/or can point me in the right direction or can see where I'm going wrong?
Other things I've tried:
- client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer" + access_token); (just returns invalid token).
- getCachedToken method on the ADAL AuthenticationContext
EDIT: I also have this question open with the slightly more specific goal of getting an access token with the id token
Upvotes: 1
Views: 2224
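Added example, not part of the original post: a small Node.js diagnostic for the 401 described above, checking the two things a resource server rejects first, the Authorization header shape and the token's audience and expiry. It assumes the AD FS userinfo endpoint expects an access token whose audience is `urn:microsoft:userinfo` (taken from Microsoft's AD FS documentation, not from the post); the function names, client id and sample tokens are constructed for illustration.

```javascript
// Added diagnostic sketch (not from the post). Claims are decoded WITHOUT
// signature verification: use it to debug a 401, never to authorize a request.
const USERINFO_AUDIENCE = 'urn:microsoft:userinfo'; // assumption: from AD FS docs

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Builds a constructed, unsigned sample token for the demo below.
function makeSampleJwt(claims) {
  return [b64url({ alg: 'none', typ: 'JWT' }), b64url(claims), 'constructed-signature'].join('.');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// RFC 6750 form is "Bearer" + one space + token; "Bearer" + token fails this.
function checkAuthorizationHeader(value) {
  return /^Bearer [A-Za-z0-9\-._~+\/]+=*$/.test(value)
    ? null : 'header is not "Bearer <token>" (scheme and token need a space between them)';
}

function diagnoseUserinfoToken(token, nowSec, expectedAud = USERINFO_AUDIENCE) {
  let claims;
  try { claims = decodeJwtPayload(token); } catch (e) { return ['malformed token: ' + e.message]; }
  const problems = [];
  const auds = [].concat(claims.aud === undefined ? [] : claims.aud);
  if (!auds.includes(expectedAud)) {
    problems.push('aud ' + JSON.stringify(claims.aud) + ' does not include ' + expectedAud);
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    problems.push('token is expired or has no numeric exp');
  }
  return problems;
}

// Constructed samples: a token whose audience is the SPA's own client id
// (the resource passed to acquireToken in the post) and one for userinfo.
const NOW = 1700000000;
const CLIENT_ID = '00000000-0000-0000-0000-000000000000'; // placeholder client id
const idLikeToken = makeSampleJwt({ aud: CLIENT_ID, exp: NOW + 3600, sub: 'user1' });
const userinfoToken = makeSampleJwt({ aud: USERINFO_AUDIENCE, exp: NOW + 3600, sub: 'user1' });

console.log(diagnoseUserinfoToken(idLikeToken, NOW), diagnoseUserinfoToken(userinfoToken, NOW));
console.log(checkAuthorizationHeader('Bearer' + userinfoToken), checkAuthorizationHeader('Bearer ' + userinfoToken));
```

The request in the post also carries the token in the URL path, where it can end up in server and proxy logs; sending it only in the Authorization header avoids that.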