向IdentityServer4请求用户信息connect/userinfo时返回403

openid请求令牌时，您至少需要添加范围。像下面这样更改代码可能可以解决问题。

//Server
var clients = new List<Client>
{
    new Client
    {
        ClientId = "MyClientApp",                    
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,                    
        ClientSecrets =
        {
            new Secret("secret".Sha256())
        },
        AllowedScopes =
        {
            "myApi",
            "Role",
            IdentityServerConstants.StandardScopes.OpenId
        }
    }
};

//Client
var response = await _httpClient.RequestPasswordTokenAsync(new PasswordTokenRequest
{
    Address = _discoveryResponse.TokenEndpoint,
    ClientId = "MyClientApp",
    ClientSecret = "secret",
    Scope = "openid Role myApi",
    UserName = username,
    Password = password
});

 

您可以从https://github.com/IdentityServer/IdentityServer4/blob/master/src/Validation/Default/UserInfoRequestValidator.cs#L47查看源代码部分

 

来源：https://stackoverflow.com/questions/53986152/how-to-request-user-info-from-identityserver4