The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
For the resource owner password grant, the Kratos identity ID is now written to the sub claim, and the username is written to the ext.username claim. Further, token hooks are called for the initial token issuance as well as refresh flows for access tokens issued via the resource owner password grant, allowing users to customize the fields present in the access token (for the jwt strategy) as well as on introspection.
[ ] I confirm that this pull request does not address a security
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
security@ory.sh) from the maintainers to push
the changes.
[ ] I have added tests that prove my fix is effective or that my feature
works.
For the resource owner password grant, the Kratos identity ID is now written to the
subclaim, and the username is written to theext.usernameclaim. Further, token hooks are called for the initial token issuance as well as refresh flows for access tokens issued via the resource owner password grant, allowing users to customize the fields present in the access token (for thejwtstrategy) as well as on introspection.Related issue(s)
Related fosite PR: https://github.com/ory/fosite/pull/831 Related: https://github.com/ory-corp/cloud/issues/6955
Checklist
Further Comments