Is it possible to get user details (attributes belonging to the resource owner) from ForgeRock's OpenAM using an OAuth 2 access token?
I have a trusted SPA UI that is able to get an access token from OpenAM using the Resource Owner Password Credentials Grant type. However, that access token gives me no information about the resource owner. The token_info endpoint similarly gives me no information.
OpenAM seems to have endpoints for listing user attributes, but expects a JWT as a means of authentication for the request.
How can I get user attributes from an access token?
There is a userinfo endpoint that will return user attributes. In OpenAM 13.0, the data returned by the endpoint is scriptable. In prior versions it is mapped to scopes.
The sample client application is helpful to understand how this works:
https://github.com/ForgeRock/openid
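An added example, not part of the original answer or of ForgeRock's sample client: how a SPA might call the userinfo endpoint with the access token as a bearer credential and read back either the claims or the bearer error. The path `/oauth2/userinfo`, the base URL supplied by the caller, the helper names, and a token issued with the `openid` scope are assumptions.

```javascript
// Added example. Assumed (not from the page): the userinfo path, the base URL
// passed in by the caller, and a token issued with the "openid" scope.
const USERINFO_PATH = "/oauth2/userinfo";

// Parse an RFC 6750 `WWW-Authenticate: Bearer ...` challenge into key/value pairs.
function parseBearerChallenge(header) {
  const params = {};
  if (!header || !/^Bearer\b/i.test(header)) return params;
  for (const m of header.matchAll(/([a-z_]+)="([^"]*)"/gi)) {
    params[m[1].toLowerCase()] = m[2];
  }
  return params;
}

// Build the request. The token travels in the Authorization header only, so it
// stays out of URLs, browser history and proxy logs.
function buildUserInfoRequest(baseUrl, accessToken) {
  // RFC 6750 b64token syntax; also rejects CR/LF that could split the header.
  if (!/^[A-Za-z0-9\-._~+\/]+=*$/.test(accessToken)) {
    throw new Error("malformed access token");
  }
  return {
    url: baseUrl.replace(/\/+$/, "") + USERINFO_PATH,
    options: {
      method: "GET",
      headers: { Authorization: "Bearer " + accessToken, Accept: "application/json" },
    },
  };
}

// Map a userinfo response to claims, or to the bearer error the server reported.
function interpretUserInfoResponse(status, wwwAuthenticate, bodyText) {
  if (status === 200) {
    const claims = JSON.parse(bodyText);
    if (typeof claims.sub !== "string" || claims.sub === "") {
      throw new Error("userinfo response has no sub claim");
    }
    return { ok: true, claims };
  }
  const challenge = parseBearerChallenge(wwwAuthenticate);
  // invalid_token: expired or revoked; insufficient_scope: request more scopes.
  return { ok: false, status, error: challenge.error || "unknown" };
}

async function fetchUserInfo(baseUrl, accessToken, fetchImpl = globalThis.fetch) {
  const { url, options } = buildUserInfoRequest(baseUrl, accessToken);
  const res = await fetchImpl(url, options);
  return interpretUserInfoResponse(res.status, res.headers.get("WWW-Authenticate"), await res.text());
}
```

Which claims come back depends on the scopes granted to the token, so an `insufficient_scope` result means the token request needs to ask for the scope that carries the attribute.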