goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Social login claims inside of authentik-issued token #8102

Open im4everok opened 9 months ago

im4everok commented 9 months ago

Is it possible to keep some/all claims of Google tokens after logging in using a GCP project? I'm interested particularly in the 'picture' claim from the Google ID token, to fetch the photo of the user's Google profile by URL.

im4everok commented 9 months ago

I can see that the incoming 'request' during the user_write / user login stages contains "oauth_userinfo", which has the desired 'picture' property. I have assigned that 'picture' as one of the properties of the 'prompt_data' object, but still to no avail: the token claims weren't affected. I would be extremely grateful for any advice on the matter.

BeryJu commented 9 months ago

Since logging in with Google and logging into an application are two separate steps, the data needs to be saved somewhere.

Before the user_write stage, you can assign the picture property into prompt_data['attributes.picture'], which will save it to the picture attribute of the user logging in.

Then, to pass the data to an application, you'll have to create a Scope Mapping which returns something like this:

```python
# Scope Mapping expression: read back the attribute the user_write stage stored
return {
  'picture': request.user.attributes.get("picture")
}
```

and select that in the provider. Also make sure that the OAuth application requests the specified scope name of the mapping.

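The two-step hand-off described in the answer above, as an added worked example that is not part of the original issue and not authentik's own code: an expression-policy body that copies the Google `picture` claim into `prompt_data` under the `attributes.` prefix, a stand-in for the user_write stage that persists such keys onto the user, the Scope Mapping expression, and a claim builder that only applies a mapping when its scope was requested. The `User`/`FlowRequest` classes, `user_write`, `build_id_token_claims`, the sample userinfo dict and the `ALLOWED_PICTURE_HOSTS` allow-list are all constructed assumptions so the file runs offline; only the bodies of `stash_picture_policy` and `picture_scope_mapping` correspond to what you would paste into authentik. The URL check is an added precaution, since the value ends up reflected into ID tokens handed to every downstream application.

```python
"""Simulated authentik flow: stash a social-login claim, then expose it.

Constructed stand-in for authentik's flow context; not authentik code.
Assumed data shape: request.context['oauth_userinfo'] is the Google userinfo
dict and request.context['prompt_data'] is what the user_write stage reads.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: where Google profile photos are served from. Narrow this to
# what you actually observe; the point is to refuse arbitrary URLs.
ALLOWED_PICTURE_HOSTS = ("lh3.googleusercontent.com",)


@dataclass
class User:
    username: str
    attributes: dict = field(default_factory=dict)


@dataclass
class FlowRequest:
    user: User
    context: dict = field(default_factory=dict)


def safe_picture_url(url):
    """Accept only an https URL on an allow-listed host, else None."""
    if not isinstance(url, str):
        return None
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_PICTURE_HOSTS:
        return None
    return url


def stash_picture_policy(request):
    """Body of an expression policy bound *before* the user_write stage.

    Writes prompt_data['attributes.picture'] so user_write persists it as
    user.attributes['picture']. Returns True so the login is never blocked
    over a missing or rejected avatar URL.
    """
    userinfo = request.context.get("oauth_userinfo") or {}
    picture = safe_picture_url(userinfo.get("picture"))
    prompt_data = request.context.setdefault("prompt_data", {})
    if picture:
        prompt_data["attributes.picture"] = picture
    return True


def user_write(request):
    """Constructed stand-in for user_write: 'attributes.<key>' -> user.attributes[key]."""
    prefix = "attributes."
    for key, value in request.context.get("prompt_data", {}).items():
        if key.startswith(prefix):
            request.user.attributes[key[len(prefix):]] = value


def picture_scope_mapping(request):
    """Body of the Scope Mapping expression from the answer."""
    return {"picture": request.user.attributes.get("picture")}


def build_id_token_claims(request, requested_scopes, mappings):
    """Constructed: a mapping contributes claims only if its scope was requested,
    which is why the client must ask for the mapping's scope name."""
    claims = {"sub": request.user.username}
    for scope_name, mapping in mappings.items():
        if scope_name in requested_scopes:
            claims.update(mapping(request))
    return claims


def demo(picture_url, requested_scopes=("openid", "picture")):
    """Run both steps for one constructed Google login and one app login."""
    user = User("alice")
    # Step 1: social login flow; sample userinfo is constructed.
    login = FlowRequest(user, {"oauth_userinfo": {"sub": "1", "picture": picture_url},
                               "prompt_data": {}})
    stash_picture_policy(login)
    user_write(login)
    # Step 2: a later, separate login to an OAuth2 provider/application.
    app_login = FlowRequest(user)
    return build_id_token_claims(app_login, set(requested_scopes),
                                 {"picture": picture_scope_mapping})


if __name__ == "__main__":
    print(demo("https://lh3.googleusercontent.com/a/example"))
    print(demo("http://attacker.example/x.png"))
    print(demo("https://lh3.googleusercontent.com/a/example", ("openid",)))
```

Two things the simulation makes visible: the attribute is only refreshed when the user next logs in through the Google source, so a stale picture persists until then, and a client that does not request the mapping's scope name gets no `picture` claim at all, which is the usual cause of "the token claims weren't affected".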
im4everok commented 9 months ago

Thanks a lot, that helped! I have no idea why that worked though, and I didn't see that covered in the documentation. It's quite frustrating to set up authentik flows, to be honest :(