OIDC Provider UserInfo Endpoint Broken with JWT Plugin

Florian Amette · 2025-07-24T17:01:17.583Z

When `useJWTPlugin: true` is enabled in the OIDC provider, the `/oauth2/userinfo` endpoint becomes unusable because it tries to validate JWT access tokens against the database. 1. When useJWTPlugin: true, the token endpoint still generates database-stored access tokens (not JWTs). 2. The userinfo endpoint tries to look up these tokens in the database 3. OIDC clients can't access user information because the endpoint can't validate the tokens

When

useJWTPlugin: true

useJWTPlugin: true

useJWTPlugin: true

useJWTPlugin: true is enabled in the OIDC provider, the

/oauth2/userinfo

/oauth2/userinfo

/oauth2/userinfo

/oauth2/userinfo endpoint becomes unusable because it tries to validate JWT access tokens against the database.

When useJWTPlugin: true, the token endpoint still generates database-stored access tokens (not JWTs).
The userinfo endpoint tries to look up these tokens in the database
OIDC clients can't access user information because the endpoint can't validate the tokens

OIDC Provider UserInfo Endpoint Broken with JWT Plugin

Similar Threads

Similar Threads

Similar Threads