Get user claims from access token not token id

I have an angular SPA client that authenticates against an authorization server. I get back both access token and token id. I have created a custom groups claim that sends back the groups the user belongs to.
now in my authorization server I have the option to include the groups claims in the access token or token id and not both! (not sure why!)
when I try to get the Identity claims in my client app (this.oauthService.getIdentityClaims())
the claims that I get are from the token id only… so I can’t get the groups because I only included them in the access token. I do need the access token so I can send it in my https header as a Bearer token so I can get authorized against my secured APIs (I have to match on aud and aud is in the access token only aud in token id is the clientId))

how can I get the user claims from the access token and not the token id? I am using
angular-oauth2-oidc

I think you can just create a claim that is included both into into id and access token like on the picture below

claims1552×362 10.8 KB

Thank you… I created the another claim that reference the same groups scope that gets included in the access token.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.