Open stellamargonar opened 2 years ago
Sounds reasonable. Would you like to do a PR ?
Sure, here it is https://github.com/OCA/server-auth/pull/336
There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.
Module auth_oidc, Odoo 14.0

I have an OpenID provider configured in Odoo after installing the `auth_oidc` addon from this repository. Currently I'm working on Odoo 14, using https://github.com/OCA/server-auth/pull/261 and the provider is using OpenID Connect (authorisation code flow).

It works, meaning that users can now log in to Odoo with the OpenID provider, and the first time the user is created with the default template. The problem is that the only information that Odoo reads from the provider is what is in the token, which is only the user id. Even though I configured all the endpoints (authentication, validation, token, jwks and data), the addon is not calling the validation and data (they are the same anyway) endpoint: this API would return all the user claims the client has access to, including email, that would be necessary to properly configure the user in Odoo.

According to the OpenID protocol, it seems like after the authorisation phase the client should also send a request to the userinfo endpoint, but this is not implemented in `auth_oidc`. On the other side, I see that this particular call was present in the `auth_oauth` addon.

I would suggest adding to the implementation of `addons.auth_oidc.models.res_users.ResUsers.auth_oauth` a call to the validation endpoint (if provided), similarly to what is done in the `auth_oauth` addon, and updating the `validation` dictionary with the result of the call.
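An added sketch of the merge step the issue proposes; it is not code from `auth_oidc`, `auth_oauth` or the linked PRs. The names `merge_userinfo`, `http_get_json`, `PROTECTED` and the sample data are hypothetical. It assumes `validation` already holds the verified ID token claims, and it enforces the OpenID Connect Core rule that the userinfo `sub` must equal the ID token `sub` before any userinfo value is used.

```python
import json
import urllib.request

# Claims for which the signed ID token stays authoritative (hypothetical choice):
# an unsigned userinfo response must not be able to overwrite them.
PROTECTED = {"iss", "sub", "aud", "exp", "iat", "nonce"}


class UserinfoMismatch(Exception):
    """The userinfo response describes a different subject than the ID token."""


def http_get_json(url, access_token, timeout=10):
    """GET a JSON document, presenting the access token as a Bearer credential."""
    req = urllib.request.Request(
        url, headers={"Authorization": "Bearer " + access_token}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def merge_userinfo(validation, access_token, endpoint, fetch=http_get_json):
    """Return a copy of `validation` enriched with userinfo claims.

    With no endpoint configured the ID token claims are returned unchanged,
    matching the "if provided" condition in the issue.
    """
    merged = dict(validation)
    if not endpoint:
        return merged
    userinfo = fetch(endpoint, access_token)
    # Reject the response outright if it is not about the authenticated user.
    if not userinfo.get("sub") or userinfo["sub"] != validation.get("sub"):
        raise UserinfoMismatch("userinfo 'sub' does not match the ID token")
    for claim, value in userinfo.items():
        if claim not in PROTECTED:
            merged[claim] = value
    return merged


# Constructed sample data, so the example runs offline.
SAMPLE_ID_TOKEN = {"iss": "https://idp.example", "sub": "u-123", "aud": "odoo"}


def sample_fetch(url, access_token):
    """Stand-in for the provider: returns email plus a conflicting `aud`."""
    return {"sub": "u-123", "email": "user@example.org", "aud": "other-client"}
```

The `fetch` parameter exists only so the network call can be replaced in tests; a real integration would also apply the provider's TLS and timeout policy.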