OpenAM Implict grant flow username

Question

I have implemented oAuth2 Implicit grant flow using IWebBrowser2 control, the authentication dialog box appears from openAM I have entered user name and password it give me access token. But how my application knows which user name is authenticated, I need this user name to be validated from my database also?

Answer 1

If you request the "openid" scope you will get an access token along with a JWT token called "id_token". The JWT contains the user name.

You can also use the access token to call out to the userinfo endpoint - which will return a json response with the username.

See http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/admin-guide/index/chap-openid-connect.html#openam-openid-implicit-client-profile

For more details.

There is a sample application that comes with the OpenAM source code. See https://wikis.forgerock.org/confluence/display/openam/OAuth+2.0%3A+Get+Started+with+the+Demo+Client for information on how to install it.