Open im4everok opened 9 months ago
I can see that incoming 'request' during userWrite
/user login
stages contains"oauth_userinfo"
- which has the desired 'picture'
property. I have assigned that 'picture'
as one of properties of 'prompt_data'
object, but still to no avail - token claims wasn't affected. I would be extremely grateful for any advice on the matter.
Since logging in with google and logging into an application are two separate steps, the data needs to be saved somewhere
before the user_write stage, you can assign the picture
property into prompt_data['attributes.picture']
which will save it to the picture attribute of the user logging in
then to pass the data to and application you'll have to create a Scope Mapping which returns something like this:
return {
'picture': request.user.attributes.get("picture")
}
and select that in the provider. Also make sure that the OAuth application requests the specified scope name of the mapping
Thanks a lot, that helped! I have no idea why did that work though, and i didn't see that covered in documentation. Its quite frustrating to set up authentik flows to be honest :(
Is it possible to keep some/all claims of Google tokens after logging-in using GCP project ? I'm interested particularly in
'picture'
claim from google id token to fetch photo of user's google profile by URL.