Closed draganHR closed 5 years ago
`mozilla-django-oidc` is designed to use `userinfo` to get the claims. A workaround to what you describe is:
OIDC_STORE_ID_TOKEN
self.request.session
For more information:
Keep in mind that if you are using a cookie-based session, you might be leaking information to the client side, so that needs careful handling.
Let me know if you need any further information. :rocket:
I need to enable authentication via ADFS (Windows Server 2016) and OpenID Connect.
It seems that the ADFS userinfo endpoint always returns only the "sub" claim and I don't see any way of making it return other user details:
However, it is possible to customize `id_token` [1, 2] and add additional user details, such as email, username, groups, etc. Here is what my `id_token` looks like now:

Maybe I missed something, but it seems that `mozilla-django-oidc` does not currently support using user details from `id_token`; is this correct?

I am considering overriding `OIDCAuthenticationBackend.get_userinfo` or `OIDCAuthenticationBackend.get_or_create_user` in order to use `id_token` data instead of `userinfo`. Does that sound like the right approach?
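
The override discussed in this thread, sketched as an added example (not code from the issue or from the mozilla-django-oidc project): `get_userinfo` returns claims taken from the already-verified `id_token` payload instead of calling the userinfo endpoint. The claim names in `ALLOWED_CLAIMS`, the class name `IdTokenClaimsBackend` and the sample payload are assumptions; the stub base class exists only so the block runs where the library or Django settings are unavailable.

```python
"""Added example: build the user claims from the verified id_token payload."""

try:
    from mozilla_django_oidc.auth import OIDCAuthenticationBackend
except Exception:  # library or Django settings unavailable: stub for offline runs
    class OIDCAuthenticationBackend:
        pass

# Assumed claim names; match them to the ADFS issuance rules you configured.
ALLOWED_CLAIMS = ("sub", "email", "username", "groups")


def claims_from_id_token(payload):
    """Return only the allow-listed user claims from a verified payload."""
    if not isinstance(payload, dict) or not payload.get("sub"):
        raise ValueError("id_token payload has no 'sub' claim")
    # Drop protocol claims (aud, nonce, exp, ...) so they never reach user code.
    claims = {k: payload[k] for k in ALLOWED_CLAIMS if k in payload}
    # A claim with one value may arrive as a bare string; normalise to a list.
    groups = claims.get("groups", [])
    claims["groups"] = [groups] if isinstance(groups, str) else list(groups)
    return claims


class IdTokenClaimsBackend(OIDCAuthenticationBackend):
    def get_userinfo(self, access_token, id_token, payload):
        # `payload` is the id_token body after the library has verified the
        # token. The raw `id_token` string is never decoded here, so
        # unverified claims cannot reach user lookup or creation.
        return claims_from_id_token(payload)


# Constructed sample payload, not a real token.
SAMPLE_PAYLOAD = {
    "sub": "constructed-subject-id",
    "aud": "constructed-client-id",
    "nonce": "constructed-nonce",
    "email": "user@example.test",
    "username": "example-user",
    "groups": "Staff",
}
```

To use it, list the class in Django's `AUTHENTICATION_BACKENDS` in place of the library's default backend.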