OpenIDC / mod_auth_openidc

OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
Apache License 2.0

Return user's email #152

Closed ngoduykhanh closed 8 years ago

ngoduykhanh commented 8 years ago

Hi,

I've set up the authentication successfully with the configs:

OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCClientID <hide>.apps.googleusercontent.com
OIDCClientSecret <hide>

OIDCRedirectURI https://mydomain.com/app/redirect
OIDCCryptoPassphrase <password>
OIDCScope "openid email profile"
OIDCOAuthIntrospectionEndpointAuth client_secret_basic
OIDCOAuthRemoteUserClaim user_id

Alias /app "/usr/share/app/public"

<Directory "/usr/share/app/public">
    AuthType openid-connect
    Require valid-user

    ......

After passing the authentication step, from the application I can see that the logged-in username is 1063422166487xxxxxxx@accounts.google.com. How can I return the user's email address instead of their Google ID?

zandbelt commented 8 years ago

Use OIDCRemoteUserClaim email as documented in https://github.com/pingidentity/mod_auth_openidc/blob/master/auth_openidc.conf#L549
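
The change suggested in the answer, applied to the configuration from the question, as an added example (not part of the original thread and not the project's own sample configuration). The comments and the closing `</Directory>` are added here; the question elided the rest of its block, and the `<hide>` and `<password>` placeholders are kept as posted.

```apache
OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCClientID <hide>.apps.googleusercontent.com
OIDCClientSecret <hide>

OIDCRedirectURI https://mydomain.com/app/redirect
OIDCCryptoPassphrase <password>

# The "email" scope must be requested, otherwise the provider does not
# return the email claim and there is nothing to map to REMOTE_USER.
OIDCScope "openid email profile"

# Before: only the OAuth 2.0 resource-server directives were set. They apply
# to paths protected with "AuthType oauth20", not "AuthType openid-connect",
# so REMOTE_USER kept the OpenID Connect default "sub@", that is the sub
# claim followed by "@" and the issuer, as seen in the question.
#OIDCOAuthIntrospectionEndpointAuth client_secret_basic
#OIDCOAuthRemoteUserClaim user_id

# After: set REMOTE_USER from the email claim on OpenID Connect protected paths.
OIDCRemoteUserClaim email

Alias /app "/usr/share/app/public"

<Directory "/usr/share/app/public">
    AuthType openid-connect
    Require valid-user
</Directory>
```

OpenID Connect guarantees stability and uniqueness only for the combination of `sub` and `iss`, not for `email`, so an application that stores per-user data should still key it on `sub`. With the module's default claim prefix, that value is passed to the application as `OIDC_CLAIM_sub` alongside `REMOTE_USER`.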