Reputation: 41
I have configured the OAuth client on Red Hat OpenShift so that I can do SSO for my application using the built-in OAuth server of the Red Hat OpenShift cluster. I got redirected to the OCP login page, authenticated via OCP, and got the access_token as well. But now I want to get userinfo from the token I got. But it seems the API /oauth/userinfo is not returning the user information. Getting this error when I try GET /oauth/userinfo
Am I missing something?
Upvotes: 3
Views: 889
Reputation: 558
The /oauth/userinfo is apparently not there. You can get the user information using the OpenShift API itself: /apis/user.openshift.io/v1/users/{name}
The thing that I was missing is that the currently logged-in user is returned when you put ~ (tilde) in the path, so GET /apis/user.openshift.io/v1/users/~
    {
      kind: "User",
      apiVersion: "user.openshift.io/v1",
      metadata: {
        name: "kube:admin",
        selfLink: "/apis/user.openshift.io/v1/users/kube%3Aadmin",
        creationTimestamp: null,
      },
      identities: null,
      groups: [
        "system:authenticated",
        "system:cluster-admins",
      ],
    }
As I'm using CodeReady containers for the development, I have URLs set up like this (Node.js/Next.js/next-auth):
    export const OpenShiftOAuthProvider = {
      id: "openshift",
      name: "OpenShift",
      type: "oauth",
      version: "2.0",
      params: { grant_type: "authorization_code" },
      scope: "user:full",
      idToken: false,
      // OAuth server route (token and authorize endpoints)
      accessTokenUrl: "https://oauth-openshift.apps-crc.testing/oauth/token",
      // API server: "~" resolves to the user the access token belongs to
      profileUrl: "https://api.crc.testing:6443/apis/user.openshift.io/v1/users/~",
      authorizationUrl:
        "https://oauth-openshift.apps-crc.testing/oauth/authorize?response_type=code",
      clientId: "<yourclientid>",
      clientSecret: "<yourclientsecret>",
      // Map the OpenShift User object to the next-auth profile
      async profile(profile) {
        return {
          id: profile.metadata.name,
          name: profile.metadata.name
        };
      },
    };
Upvotes: 2
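The lookup the answer describes, written as a stand-alone Node.js helper (an added example, not code from the answer or from OpenShift; the function names `buildUserRequest`, `parseUserResponse` and `fetchCurrentUser` are hypothetical). It sends the access token as a bearer token to `/apis/user.openshift.io/v1/users/~` and checks the response before trusting it:

```javascript
// Added example, not from the original answer; helper names are hypothetical.
// Build the request for the "current user" endpoint described in the answer.
function buildUserRequest(apiBase, accessToken) {
  // Reject empty tokens and anything with whitespace/CR/LF (header injection).
  if (typeof accessToken !== "string" || !/^[\x21-\x7e]+$/.test(accessToken)) {
    throw new Error("access token missing or malformed");
  }
  const base = new URL(apiBase);
  if (base.protocol !== "https:") {
    throw new Error("refusing to send a bearer token over " + base.protocol);
  }
  return {
    url: new URL("/apis/user.openshift.io/v1/users/~", base).toString(),
    options: {
      method: "GET",
      headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/json" },
      redirect: "error", // do not follow redirects while carrying the token
    },
  };
}

// Turn the API response into the profile shape used by the provider above.
function parseUserResponse(status, body) {
  if (status === 401 || status === 403) {
    throw new Error(`token rejected by the API server (HTTP ${status})`);
  }
  if (status !== 200) throw new Error(`unexpected HTTP ${status}`);
  const name = body && body.metadata && body.metadata.name;
  if (!body || body.kind !== "User" || typeof name !== "string" || name === "") {
    throw new Error("response is not a User object");
  }
  return { id: name, name, groups: Array.isArray(body.groups) ? body.groups : [] };
}

// Network wrapper (Node 18+ global fetch); not exercised by the sample below.
async function fetchCurrentUser(apiBase, accessToken, fetchImpl = fetch) {
  const { url, options } = buildUserRequest(apiBase, accessToken);
  const res = await fetchImpl(url, options);
  return parseUserResponse(res.status, res.status === 200 ? await res.json() : null);
}

// Constructed sample shaped like the response shown in the answer.
const sampleBody = {
  kind: "User",
  metadata: { name: "kube:admin" },
  groups: ["system:authenticated", "system:cluster-admins"],
};
console.log(parseUserResponse(200, sampleBody));
```

Reading `users/~` only needs the `user:info` scope; `user:full`, as requested in the provider configuration in the answer, yields a token that can act on the API with all of the user's permissions.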