Closed d7oc closed 1 year ago
> So this optimisation request is about the research to check why the user information cannot be fetched from the token and thus a further call is needed which slows the login process down.

It is quite "normal" that the user info endpoint is called in the regular OAuth/OpenId-Connect flow to get user information. Some IdPs use JWT, others not.
Not much to do here from my pov.
> thus a further call is needed which slows the login process down.

One additional call should not cause any big distractions. The information as returned by the user info endpoint is cached and this additional call only applies to the login.
We can handle it like this. I just want to outline that the procedure in OneLogin also takes longer compared to e.g. MS Azure AD. And it "feels" longer than a single call. Detecting what exactly causes this delay would have been part of this FR.
As documented on https://doc.owncloud.com/server/next/admin_manual/configuration/user/oidc/onelogin-setup.html the OIDC app also works with OneLogin. It just requires use-access-token-payload-for-user-info to be set to false as the app is somehow unable to get the user information from the access-token.

So this optimisation request is about the research to check why the user information cannot be fetched from the token and thus a further call is needed which slows the login process down.
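One way to start the research asked for above, as an added example that is not code from this thread or from the ownCloud OIDC app: classify an access token as an opaque string or a JWT and report whether its payload carries user claims, which determines whether a user info call is unavoidable. The function names, the `USER_CLAIMS` list and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Claims a client would need to identify the user; this list is an assumption.
USER_CLAIMS = ("sub", "email", "preferred_username", "name")

def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict, or return None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, UnicodeDecodeError):
        return None
    return value if isinstance(value, dict) else None

def inspect_access_token(token):
    """Classify an access token without trusting it (no signature check).

    Diagnostic only: it answers "could user info be read from this token?",
    not "is this token valid?".
    """
    parts = token.split(".")
    if len(parts) != 3:
        return {"format": "opaque", "user_claims": [], "needs_userinfo": True}
    header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header is None or payload is None:
        return {"format": "opaque", "user_claims": [], "needs_userinfo": True}
    found = [c for c in USER_CLAIMS if c in payload]
    return {"format": "jwt", "user_claims": found, "needs_userinfo": not found}

def _make_jwt(payload):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "c2ln"])

# Constructed samples, not real IdP output.
SAMPLES = {
    "jwt with user claims": _make_jwt({"sub": "u-1", "email": "a@example.org"}),
    "jwt without user claims": _make_jwt({"jti": "x", "scope": "openid"}),
    "opaque token": "3f9c1e0b7a",
}

if __name__ == "__main__":
    for label, tok in SAMPLES.items():
        print(label, "->", inspect_access_token(tok))
```

Run it against a token captured from a test login to see which of the three cases applies; treat the decoded payload as untrusted, since nothing here verifies the signature.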