user3665510

Reputation: 41

wso2 identity server oauth userinfo only returns sub (revisited)

I called this "revisited" since there are existing questions under the same title. These indicate that the problem described would be solved starting from IS V5.3. However, I am using IS V5.7.0 and still have the problem that my userinfo call only returns something like {"sub":"Peter"}, or an email address if so configured as "Subject Claim URI" under my SP. Whatever I do with "local claim" settings seems to have no effect in this scenario. In short, it is a complete mystery to me how to acquire more than a single attribute value from an OpenID Connect call to WSO2 IS.

All help appreciated

Thanks Peter

Upvotes: 0

Views: 783

Answers (1)

Piraveena Paralogarajah

Reputation: 1515

There was an issue already reported for versions below IS 5.3.0, and it was fixed from IS 5.3.0 onwards. Please check the Jira here. I was able to invoke the userinfo endpoint in IS 5.7.0 and was able to get the claims successfully.

Sample request:

curl --location --request GET 'https://localhost:9443/oauth2/userinfo?scope=openid' \
--header 'Authorization: Bearer 7ca4671f-ab55-33b2-978e-b0795dacc1ef'

Response:

{
    "country": "SL",
    "sub": "piraveena",
    "email": "[email protected]"
}

So please verify the following things.

  • Check whether you have configured those claims under Claim Configuration in the service provider.
  • Only the claims listed under the openid scope will be returned from the userinfo endpoint, so please make sure that those claims are added to the openid scope. In the management console, navigate to Manage > OIDC Scopes > List > openid and check whether the claim requested by the SP is listed under the openid scope. Please check this documentation for adding claims to the openid scope.
  • Also verify whether the authenticated user has the relevant attributes in their user profile.
  • Also check whether you are able to get the claims in the id_token. If you have not configured the above steps properly, you won't be able to get those claims in the id_token either.

Upvotes: 1
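The checklist above is easier to work through if you can see, for a given login, which of the claims the SP expects are missing from the userinfo response and which are missing from the id_token as well. The script below is an added example, not code from the question, the answer or WSO2 IS: it decodes a JWT payload without verifying the signature (diagnostic use only; a real IS id_token is RS256-signed by the server and must be verified before anything trusts it), diffs the claims, and maps each gap to the bullet to revisit. The "in id_token but not in userinfo, so check the openid scope" hint is this example's own heuristic derived from the answer's second bullet, and the token, userinfo body and expected-claim list are constructed sample data, not captured from a server.

```python
"""Diagnose why /oauth2/userinfo returns only "sub".

Added example (not from the original post). Given the claims the service
provider expects, a userinfo JSON body and an id_token, it reports which
expected claims are missing from each so you know which checklist item
to revisit. All inputs below are constructed sample data.
"""
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url (the JWT compact form)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_payload(token: str) -> dict:
    """Return the claims in a compact JWS payload WITHOUT verifying the
    signature. Fine for inspecting a token you just received from your own
    IS; never use this to decide whether to trust the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def diagnose(expected_claims, userinfo, id_token_claims):
    """Compare the SP's expected claims against both responses and attach a
    hint per missing claim, following the answer's checklist:
    absent from both -> SP claim configuration / user profile;
    in id_token only  -> (heuristic) claim not listed under the openid scope."""
    missing_userinfo = sorted(c for c in expected_claims if c not in userinfo)
    missing_id_token = sorted(c for c in expected_claims if c not in id_token_claims)
    hints = []
    for claim in missing_userinfo:
        if claim in missing_id_token:
            hints.append(f"{claim}: absent from both; check the SP claim "
                         "configuration and the user's profile attributes")
        else:
            hints.append(f"{claim}: present in id_token but not in userinfo; "
                         "check it is listed under Manage > OIDC Scopes > openid")
    return {"missing_from_userinfo": missing_userinfo,
            "missing_from_id_token": missing_id_token,
            "hints": hints}


# --- constructed sample data (assumptions, not captured from a server) ---
SP_EXPECTED_CLAIMS = ["email", "country", "given_name"]
SAMPLE_USERINFO = {"sub": "peter"}          # the symptom from the question
SAMPLE_ID_TOKEN_CLAIMS = {
    "iss": "https://localhost:9443/oauth2/token",   # hypothetical issuer URL
    "sub": "peter",
    "aud": "sample_client_id",                      # hypothetical client id
    "email": "peter@example.com",                   # constructed address
}
SAMPLE_ID_TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps(SAMPLE_ID_TOKEN_CLAIMS).encode()),
    b64url_encode(b"not-a-real-signature"),  # placeholder, never verified here
])


def run_sample() -> dict:
    """Run the diagnosis over the constructed sample and return the report."""
    return diagnose(SP_EXPECTED_CLAIMS, SAMPLE_USERINFO, jwt_payload(SAMPLE_ID_TOKEN))


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

To use it against a live IS 5.7.0, paste the JSON from the curl call in the answer into SAMPLE_USERINFO and the id_token from the token response into SAMPLE_ID_TOKEN; claims that are missing from both responses almost always mean the SP claim configuration or the user's profile is incomplete, which is the first thing the answer asks you to check.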
