brocaar / chirpstack-application-server

ChirpStack Application Server is an open-source LoRaWAN application-server.
https://www.chirpstack.io
MIT License

Introduce use_userinfo and assume_email_verified options for OIDC #695

Closed gavanfantom closed 2 years ago

gavanfantom commented 2 years ago

use_userinfo is a configuration option which allows the user to configure whether OIDC claims should be taken from the ID token (as per the OIDC design) or whether a separate call should be made to the UserInfo endpoint in order to take the claim from there. This works around issues with some identity providers, and prior to this commit, the workaround was permanently enabled. Set use_userinfo to true in order to preserve this behaviour.

assume_email_verified means that the email_verified claim will always be assumed to be present and true, regardless of what the identity provider sends. This is particularly useful for certain providers like Azure AD which don't normally send the email_verified claim.

Fixes #619
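
The claim handling that the two options describe, as an added example (not code from this pull request or from ChirpStack). The `Config` type, `ResolveEmail`, the error value and the sample payload are hypothetical, and the ID token is assumed to have been verified by the caller already.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Config mirrors the two options from the PR; the Go names are hypothetical.
type Config struct {
	UseUserInfo         bool // use_userinfo
	AssumeEmailVerified bool // assume_email_verified
}

// claims uses *bool so an absent email_verified differs from an explicit false.
type claims struct {
	Email         string `json:"email"`
	EmailVerified *bool  `json:"email_verified"`
}
var ErrEmailNotVerified = errors.New("email_verified claim missing or false")

// ResolveEmail returns the login email. idToken is the JSON payload of an ID token
// the caller has already verified (assumed); userInfo does the UserInfo request.
func ResolveEmail(cfg Config, idToken []byte, userInfo func() ([]byte, error)) (string, error) {
	raw := idToken
	if cfg.UseUserInfo {
		var err error
		if raw, err = userInfo(); err != nil {
			return "", fmt.Errorf("userinfo: %w", err)
		}
	}
	var c claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return "", fmt.Errorf("decode claims: %w", err)
	}
	if c.Email == "" {
		return "", errors.New("email claim missing")
	}
	// assume_email_verified overrides whatever the provider sent, including an
	// explicit false, so enable it only for a provider whose addresses you trust.
	if !cfg.AssumeEmailVerified && (c.EmailVerified == nil || !*c.EmailVerified) {
		return "", ErrEmailNotVerified
	}
	return c.Email, nil
}

func main() {
	fmt.Println(ResolveEmail(Config{}, []byte(`{"email":"user@example.com"}`), nil)) // constructed payload
}
```

With both options off, a provider that omits `email_verified` is rejected; turning on `AssumeEmailVerified` moves that trust decision from the identity provider to the operator.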

JaMurphSmi commented 2 years ago

Really happy to see this PR raised. Was learning up on Go to figure out how to do it myself, thanks for implementing both AND adding the AssumeEmailVerified flag. Will really open up the use cases that can be fulfilled.

brocaar commented 2 years ago

Thanks @gavanfantom, this is great :-) I will review this shortly, and also port this to ChirpStack v4 :-)