I have an angular SPA client that authenticates against an authorization server. I get back both access token and token id. I have created a custom groups claim that sends back the groups the user belongs to.
now in my authorization server I have the option to include the groups claims in the access token or token id and not both! (not sure why!)
when I try to get the Identity claims in my client app (this.oauthService.getIdentityClaims())
the claims that I get are from the token id only… so I can’t get the groups because I only included them in the access token. I do need the access token so I can send it in my https header as a Bearer token so I can get authorized against my secured APIs (I have to match on aud and aud is in the access token only aud in token id is the clientId))
how can I get the user claims from the access token and not the token id? I am using