UserInfo
The userinfo_endpoint needs the access_token. If it is already in the session, you don't need to pass it again.
The id_token is required to verify the sub claim. If it is already in the session, you don't need to pass it again.
The library supports responses in JSON format and in JWT format (a JWT signed by the OP with a key published at its jwks_uri endpoint, or signed with the client_secret).
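The sub comparison described above, as an added stand-alone PHP example that is not the library's own code: a UserInfo response whose sub differs from the id_token's sub is rejected and its claims are not used. The helper names are hypothetical, the sample tokens are constructed, and the id_token is assumed to have had its signature verified already.

```php
<?php
declare(strict_types=1);

// Decode a base64url segment (JWT segments omit '=' padding).
function b64url_decode(string $segment): string
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        throw new InvalidArgumentException('invalid base64url segment');
    }
    return $raw;
}

// Hypothetical helper: read the claims of an id_token whose signature
// has ALREADY been verified. This function verifies nothing itself.
function id_token_claims(string $idToken): array
{
    $parts = explode('.', $idToken);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('id_token is not a compact JWS');
    }
    return json_decode(b64url_decode($parts[1]), true, 16, JSON_THROW_ON_ERROR);
}

// Hypothetical helper: return the UserInfo claims only if sub matches the id_token.
function check_userinfo_sub(string $idToken, string $userInfoJson): array
{
    $expected = id_token_claims($idToken)['sub'] ?? null;
    $claims = json_decode($userInfoJson, true, 16, JSON_THROW_ON_ERROR);
    $actual = $claims['sub'] ?? null;
    if (!is_string($expected) || !is_string($actual) || !hash_equals($expected, $actual)) {
        throw new RuntimeException('UserInfo sub does not match id_token sub');
    }
    return $claims;
}

// Constructed sample data (not real tokens; the signature part is a placeholder).
$b64url = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$idToken = $b64url('{"alg":"RS256"}') . '.' . $b64url('{"iss":"https://op.example","sub":"user-123"}') . '.sig';

print_r(check_userinfo_sub($idToken, '{"sub":"user-123","email":"a@example.org"}'));
try {
    check_userinfo_sub($idToken, '{"sub":"user-999","email":"b@example.org"}');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```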
userinfo_endpoint not set
Some OPs don't provide a userinfo_endpoint (Dropbox is an example). If the contents of the id_token are enough for you, you can get the result of the payload
If you call $client->userInfo() but the OP doesn't have the userinfo_endpoint set, you will get a Svgta\OidcException.