I'm currently having trouble getting user-info after successful sign-in with AD FS. I set up my AD FS server and Web App by following the Microsoft documentation.
token and access token after successful sign-in
I've also created a relying party trust and claims provider and added the scope to the client and authUrl, but nothing changed. The scope in the response body always remained openid; I ticked profile, email and openid in the settings.
    const client = new oneLoginIssuer.Client({
      client_id: configService.get<string>('CLIENT_ID'),
      client_secret: configService.get<string>('CLIENT_SECRET'),
      redirect_uris: [configService.get<string>('REDIRECT_URI')],
      response_types: ['code id_token'],
    });

    this.client.authorizationUrl({
      scope: 'profile openid email',
      response_mode: 'form_post',
      nonce: this.nonce,
    });
Yes - that's by design. No idea why.
It's been like this for a while - at least since 2016!