The retrieveUserInfoFromAccessToken doesn't return a UserResponse
Instead, it returns a response that has the shape described in the docs
That's a good catch. We should fix it here: https://github.com/FusionAuth/fusionauth-client-builder/blob/master/src/main/api/retrieveUserInfoFromAccessToken.json
I think the correct object to return would be a UserInfoResponse
https://github.com/FusionAuth/fusionauth-client-builder/blob/master/src/main/domain/io.fusionauth.domain.oauth2.UserinfoResponse.json
UserInfoResponse is now defined as a Record<string, any>. Could it be more specific?
@adriano-di-giovanni hmmm. The userinfo response is defined by the OIDC specification. Here's a couple of relevant excerpts:
Upon receipt of the UserInfo Request, the UserInfo Endpoint MUST return the JSON Serialization of the UserInfo Response as in Section 13.3 in the HTTP response body
https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
The parameters are serialized into a JSON object structure by adding each parameter at the highest structure level. Parameter names and string values are represented as JSON strings. Numerical values are represented as JSON numbers. Boolean values are represented as JSON booleans. Omitted parameters and parameters with no value SHOULD be omitted from the object and not represented by a JSON null value, unless otherwise specified. A parameter MAY have a JSON object or a JSON array as its value.
https://openid.net/specs/openid-connect-core-1_0.html#JSONSerialization
I'm no TypeScript expert, but this would seem to indicate that a record type is the correct type. Am I misunderstanding things? Is there an example of another TypeScript OAuth/OIDC library you can point me to that represents this object in a better way?
The UserinfoResponse type is correct but pretty vague. It would be nice to use a type describing the supported claims:
```typescript
interface UserinfoResponse {
  sub?: string;
  name?: string;
  given_name?: string;
  family_name?: string;
  // ...
}
```
as defined in the spec:
This specification defines a set of standard Claims. They can be requested to be returned either in the UserInfo Response, per Section 5.3.2, or in the ID Token, per Section 2
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
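An added example, not part of the thread or of the FusionAuth client: a claims type like the one proposed above only helps if the untyped response body is checked at runtime before it is trusted. The names `StandardClaims` and `parseUserInfo` are hypothetical, and the example goes beyond the typing question by also enforcing the OIDC Core 5.3.2 rule that the UserInfo `sub` must match the `sub` of the already validated ID Token.

```typescript
// Subset of the OIDC Core section 5.1 standard claims (hypothetical type name).
// `sub` is mandatory in a UserInfo Response; the other claims are optional.
interface StandardClaims {
  sub: string;
  name?: string;
  given_name?: string;
  family_name?: string;
  email?: string;
  email_verified?: boolean;
  [claim: string]: unknown; // providers may add custom claims
}

const STRING_CLAIMS = ["name", "given_name", "family_name", "email"] as const;

// Narrow an untyped UserInfo body to StandardClaims, rejecting wrong claim
// types and a `sub` that differs from the validated ID Token's `sub`.
function parseUserInfo(body: unknown, idTokenSub: string): StandardClaims {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    throw new TypeError("UserInfo response must be a JSON object");
  }
  const raw = body as Record<string, unknown>;
  if (typeof raw.sub !== "string" || raw.sub.length === 0) {
    throw new TypeError("UserInfo response is missing a string sub claim");
  }
  // OIDC Core 5.3.2: on mismatch the UserInfo values must not be used.
  if (raw.sub !== idTokenSub) {
    throw new Error("UserInfo sub does not match the ID Token sub");
  }
  for (const key of STRING_CLAIMS) {
    if (key in raw && typeof raw[key] !== "string") {
      throw new TypeError(`claim ${key} must be a string`);
    }
  }
  if ("email_verified" in raw && typeof raw.email_verified !== "boolean") {
    throw new TypeError("claim email_verified must be a boolean");
  }
  return raw as StandardClaims;
}

// Constructed sample response body, as JSON.parse would return it.
const sample: unknown = JSON.parse(
  '{"sub":"00000000-0000-0000-0000-000000000001","given_name":"Ada","roles":["admin"]}'
);
const claims = parseUserInfo(sample, "00000000-0000-0000-0000-000000000001");
console.log(claims.given_name);
```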
Thanks @adriano-di-giovanni
I opened up two issues in our main issue repo for tracking this. The original issue you reported is definitely a bug. If you'd like to submit a PR against the client library changing that, we'd welcome it, otherwise we'll try to get that fixed soon.
The suggestion here: https://github.com/FusionAuth/fusionauth-typescript-client/issues/54#issuecomment-841103083 is a new enhancement and I filed that as well. Less sure about when that will be done (juggling quite a few priorities right now).
@mooreds I thought the client library was generated. If so, what should be changed?
It is generated, you are correct.
For the bug, I think the change is as simple as modifying https://github.com/FusionAuth/fusionauth-client-builder/blob/master/src/main/api/retrieveUserInfoFromAccessToken.json to have a successResponse of UserinfoResponse.
The feature is a bigger effort, not quite sure what needs to be done there, probably creating a new domain object. We generate our domain objects from our Java domain objects, so that is work that would have to be done internally, as I'm not sure what else it would affect.