Some OpenID Identity Providers which support the openid scope, but for some reason do not fully support the /userinfo endpoint, are currently not fully supported.
If you add the openid scope to the authorize request, the identity provider will return an "id_token" with the token response, which contains a JWT profile description. This id_token property is not looked at by wicked's auth server; typically you can work around this by ticking the "retrieve profile from userinfo endpoint" option in the auth server configuration, but in case the upstream identity provider does not support this (or returns an empty profile or similar), this will fail.
Wicked should support pulling the profile information directly from the id_token response from the token call.
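
A sketch of the requested fallback, added here as an example and not taken from wicked's code base: it uses the userinfo profile when one is returned and otherwise reads the claims from the id_token in the token response, checking iss, aud, exp and sub first. All function names, the config shape and the sample values are hypothetical. The signature is not verified here; that is only acceptable when the token came directly from the token endpoint over TLS (OpenID Connect Core 3.1.3.7), otherwise verify it against the provider's JWKS.

```javascript
'use strict';

// Decode the payload (second segment) of a compact JWT. No signature check here.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('id_token is not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Check the claims that bind the token to this issuer, this client and this time.
function validateIdTokenClaims(claims, { issuer, clientId, now = Date.now() / 1000, skew = 60 }) {
  if (claims.iss !== issuer) throw new Error('unexpected iss');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error('client not in aud');
  if (typeof claims.exp !== 'number' || claims.exp + skew < now) throw new Error('id_token expired');
  if (!claims.sub) throw new Error('missing sub');
  return claims;
}

// Prefer a usable userinfo profile; otherwise fall back to the id_token claims.
function profileFromTokenResponse(tokenResponse, userInfo, config) {
  if (userInfo && userInfo.sub) return { source: 'userinfo', profile: userInfo };
  if (!tokenResponse.id_token) throw new Error('no userinfo profile and no id_token');
  const claims = validateIdTokenClaims(decodeJwtPayload(tokenResponse.id_token), config);
  return { source: 'id_token', profile: claims };
}

// Constructed sample input: builds an unsigned-looking token for the demo only.
function makeSampleIdToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

// Hypothetical issuer and client id; "now" is pinned so the demo is deterministic.
const sampleConfig = { issuer: 'https://idp.example.com', clientId: 'wicked-client', now: 1700000000 };
const sampleResponse = {
  access_token: 'constructed-access-token',
  id_token: makeSampleIdToken({ iss: 'https://idp.example.com', aud: 'wicked-client',
    sub: 'user-123', email: 'jane@example.com', exp: 1700003600 })
};

// The provider returned an empty userinfo body, so the id_token is used.
console.log(profileFromTokenResponse(sampleResponse, {}, sampleConfig));
```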