What would you like to be added:
If userInfoEndpoint is provided by property, I'd like the application to fetch claims by making a request to the userinfo endpoint.
Is it possible to implement this feature?
Why is this needed:
Hi, PipeCD dev team.
Since the release v0.49.0, I have been trying to configure SSO using Generic OIDC.
Our team is using Okta as an identity provider.
I'm encountering an issue where Okta doesn't seem to be returning custom claims within the ID token.
The Documentation says the following:
The full set of claims for the requested scopes is available via the /oauth2/v1/userinfo endpoint. Call this endpoint using the access token.
https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/#scope-dependent-claims-not-always-returned
It seems that the userInfoEndpoint property in SSOConfigOIDC isn't being used. (authorizationEndpoint and tokenEndpoint too)
https://pipecd.dev/docs-v0.49.x/user-guide/managing-controlplane/configuration-reference/#ssoconfigoidc
These are additional references from Okta.
https://support.okta.com/help/s/article/How-To-Add-Custom-Profile-Attributes-As-Claims-In-a-ID-Token-or-userinfo?language=en_US
https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/userinfo
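
A sketch of the requested behaviour, added here as an illustration and not taken from PipeCD's code base: when a userinfo endpoint is configured, call it with the access token and add the claims the ID token lacks. The helper name `mergeUserInfoClaims` is hypothetical, the ID token claims are assumed to be already verified and decoded into a map, and the sample server and values in `main` are constructed. It also applies the OIDC Core rule that the userinfo `sub` must match the ID token `sub`, which the request above does not mention.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// mergeUserInfoClaims is a hypothetical helper (not PipeCD code): fetch userinfo with the access token and add missing claims.
func mergeUserInfoClaims(ctx context.Context, hc *http.Client, endpoint, accessToken string, idClaims map[string]any) (map[string]any, error) {
	if endpoint == "" {
		return idClaims, nil // userInfoEndpoint not configured: ID token claims only
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+accessToken)
	resp, err := hc.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("userinfo: unexpected status %d", resp.StatusCode)
	}
	var info map[string]any
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&info); err != nil {
		return nil, fmt.Errorf("userinfo: decode: %w", err)
	}
	// OIDC Core 5.3.2: the userinfo "sub" must exactly match the ID token "sub", else discard the response.
	if id, _ := idClaims["sub"].(string); id == "" || id != info["sub"] {
		return nil, fmt.Errorf("userinfo: sub does not match ID token")
	}
	for k, v := range idClaims {
		info[k] = v // verified ID token claims take precedence over userinfo values
	}
	return info, nil
}

func main() { // constructed stand-in for an IdP userinfo endpoint; "groups" is a sample custom claim
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"sub":"00u-sample","groups":["dev"]}`)
	}))
	defer srv.Close()
	fmt.Println(mergeUserInfoClaims(context.Background(), srv.Client(), srv.URL, "sample-token", map[string]any{"sub": "00u-sample"}))
}
```

Letting ID token claims win on conflict keeps the signed values authoritative, so userinfo only supplies what the token omitted.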