Parsing User Profile From JWT

Question

Parsing User Profile From JWT

Opened this issue 4 years ago · 0 comments

This is a question about design. I noticed in your OAuth provider that you fetch the user's profile using the /userinfo endpoint of the Okta API. Assuming you are using OpenID connect, wouldn't it make more sense to get the user profile by parsing the token using https://github.com/okta/okta-jwt-verifier-php?

Just curious if I'm making a bad assumption here.