IdentityPython / oidc-op

An implementation of an OIDC Provider (OP)
Apache License 2.0

feat: add RawID to session manager #149

Closed melanger closed 3 years ago

melanger commented 3 years ago

Allow passing already hashed IDs from backends, or hashing in a microservice instead.

peppelinux commented 3 years ago

Ciao @melanger

Unfortunately we have these subject types following the official OIDC specs, here: https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes

Consider installing your own Python package and configuring it in your oidcop sub functions (you have them in the general configuration).

Anyway, I'll ask for a revision from other friends who help in releasing new versions of oidcop.

melanger commented 3 years ago

@peppelinux I don't mean it as a new subject type (such as subject_type=raw), but as an alternative implementation of public ID. Maybe it could be RawPublicID? But yes, I can put this into a separate module.

The reason for this proposal is that with PublicID and SubjectID from oidcop it is not possible to use anything other than a SHA256 hash of userID+sector_identifier+salt. It is not possible to use a raw user attribute (e.g. I already have eduPersonUniqueID, so I do not need to hash it again) or to do other hashing (e.g. use the Hasher microservice in SATOSA instead).
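The hashed public/pairwise `sub` computation described above, side by side with the raw pass-through this PR proposes, as an added example that is not code from the PR or from oidcop itself; the function names, the salt and the sector identifiers are constructed. The last helper shows the property worth checking before choosing a strategy: whether every RP receives the same `sub` and can therefore correlate the user across services.

```python
"""Illustrative subject-identifier strategies for an OP.

Example code, not oidcop's own implementation; function names are assumptions.
"""
import hashlib
from typing import Callable, Dict, List

# Constructed sample salt; a real OP keeps this value secret and stable.
SALT = "constructed-salt"


def pairwise_id(uid: str, sector_identifier: str, salt: str = SALT) -> str:
    """Pairwise sub: SHA-256 over uid + sector_identifier + salt, so RPs with
    different sector identifiers receive unrelated values."""
    return hashlib.sha256(f"{uid}{sector_identifier}{salt}".encode()).hexdigest()


def public_id(uid: str, sector_identifier: str = "", salt: str = SALT) -> str:
    """Public sub: SHA-256 over uid + salt; identical for every RP."""
    return hashlib.sha256(f"{uid}{salt}".encode()).hexdigest()


def raw_id(uid: str, sector_identifier: str = "") -> str:
    """Raw sub as proposed in the PR: hand the backend attribute out unchanged
    (e.g. an identifier already hashed upstream). Only the spec's constraints
    on 'sub' remain to be enforced: non-empty ASCII, at most 255 characters."""
    if not uid or len(uid) > 255 or not uid.isascii():
        raise ValueError("sub must be non-empty ASCII of at most 255 characters")
    return uid


# Hypothetical registry mapping a configured subject type to its sub function.
SUB_FUNCS: Dict[str, Callable[..., str]] = {
    "pairwise": pairwise_id,
    "public": public_id,
    "raw": raw_id,
}


def subs_for_rps(uid: str, rp_sectors: List[str], subject_type: str) -> Dict[str, str]:
    """Compute the sub each RP (keyed by its sector identifier) would receive."""
    func = SUB_FUNCS[subject_type]
    return {sector: func(uid, sector) for sector in rp_sectors}


def linkable_across_rps(uid: str, rp_sectors: List[str], subject_type: str) -> bool:
    """True when all RPs get the same sub, i.e. they can correlate the user."""
    return len(set(subs_for_rps(uid, rp_sectors, subject_type).values())) == 1
```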

peppelinux commented 3 years ago

@melanger I understand perfectly! Let's take some more days and wait for the revision of Roland and Nikos, there's no hurry.