Audit UserInfo type def

[JakeLo123]

Audit UserInfo type def.

Description

The UserInfo type definition should include all the properties that are liable to appear. I think it's only missing preferred_username atm, but it let's make sure.

Any changes need to be defined in each package in order to make types declarations available to the end user.

More Context

The userInfo property is the payload from GET /oauth2/userinfo. This type of userinfo response is an OIDC standard. (Docs for this endpoint)

This ticket was tipped off from #94

[mooreds]

See the changes to 1.50 too. From the release notes:

Applications now have a new Scope Handling Policy. The Strict option provides behaviors that are more compliant with the OIDC specification, while the Compatibility option provides backwards-compatible behavior. Specifically, Strict mode limits information in access tokens and populates Id tokens and UserInfo responses based on the requested OAuth scopes. This option also restricts the UserInfo endpoint to accepting only access tokens containing the openid scope.

https://fusionauth.io/docs/lifecycle/authenticate-users/oauth/scopes#scope-handling-policy has more info.

[kasir-barati]

@mooreds So based on what I understood this endpoint GET /oauth2/userinfo should return user info based on OAuth scope, reflecting passed OAuth scope.

Is that right?

[mooreds]

@kasir-barati I'd have to review the doc. https://fusionauth.io/docs/lifecycle/authenticate-users/oauth/endpoints#userinfo

I suggest you post in the community forum or open a support ticket, as that will probably get you a quicker response than tagging me.