pow-auth / assent

Multi-provider framework in Elixir
https://powauth.com
MIT License

Azure AD should expose more user info #98

Closed albertmoravec closed 2 years ago

albertmoravec commented 2 years ago

I'm currently struggling to find a way to map additional claims from the Azure AD provider into the user_identity changeset.

These are the claims that Azure AD returns:

```elixir
claims: %{
    "aud" => "93572ac3-0740-4aa5-ad35-18ba25d5fe22",
    "email" => "albert.moravec@keenmate.com",
    "exp" => 1642465568,
    "iat" => 1642461668,
    "iss" => "https://login.microsoftonline.com/6ee623a2-0b05-4ea4-b931-79c555955cb1/v2.0",
    "name" => "Moravec Albert",
    "nbf" => 1642461668,
    "oid" => "09cbdc15-ccf1-43e9-a2fb-8e9d9513d5cc",
    "preferred_username" => "albert.moravec@keenmate.com",
    "rh" => "0.AToAoiPmbgULpE65MXnFVZVcscMqV5NAB6VKrTUYuiXV_iI6AO4.",
    "roles" => ["administrator", "manager"],
    "sub" => "1ct7-HTE7-CM5h5H7009_9lRRLdHiAHt1hY30ogqji0",
    "tid" => "6ee623a2-0b05-4ea4-b931-79c555955cb1",
    "uti" => "5aLPSh0CRUW_doLHsZxjAA",
    "ver" => "2.0"
}
```

Since standard OpenID Connect mapping is used, all of the claims except the standardized ones are thrown away. Is there a way to override this behavior? I personally expected this to be doable at least on the Strategy level by customizing the normalize/2, but the user there is already stripped of all the claims.

danschultzer commented 2 years ago

I've fixed this in #100. I'll get #97 ready and probably release all this in v0.2.0. Everything except ID Token keys will be included in the params now.
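Added illustration of the behaviour described in this thread (not Assent's own code): the ID token's own metadata keys are separated from the remaining claims, and non-standard claims such as `roles` are only handed on as user params after the token's issuer, audience and expiry have been checked. The list of "ID token keys" and the `AzureClaimsExample` module name are assumptions; the sample claims are the ones posted above.

```elixir
defmodule AzureClaimsExample do
  # Assumed set of keys describing the token itself rather than the user:
  # registered JWT claims (RFC 7519) plus Azure token metadata seen above.
  @id_token_keys ~w(iss aud exp iat nbf jti rh uti ver)

  # Accept the claims only for the expected tenant issuer and this client's
  # audience, and only while unexpired. Signature verification is assumed to
  # have already happened in the OIDC strategy before this point.
  def split_claims(claims, expected_iss, expected_aud, now) do
    with :ok <- check(claims["iss"] == expected_iss, :invalid_issuer),
         :ok <- check(claims["aud"] == expected_aud, :invalid_audience),
         :ok <- check(is_integer(claims["exp"]) and claims["exp"] > now, :expired) do
      {id_token, user_params} = Map.split(claims, @id_token_keys)
      {:ok, %{id_token: id_token, user_params: user_params}}
    end
  end

  defp check(true, _reason), do: :ok
  defp check(false, reason), do: {:error, reason}
end

# Constructed sample, using the values from the claims map in this issue.
claims = %{
  "aud" => "93572ac3-0740-4aa5-ad35-18ba25d5fe22",
  "email" => "albert.moravec@keenmate.com",
  "exp" => 1642465568,
  "iat" => 1642461668,
  "iss" => "https://login.microsoftonline.com/6ee623a2-0b05-4ea4-b931-79c555955cb1/v2.0",
  "oid" => "09cbdc15-ccf1-43e9-a2fb-8e9d9513d5cc",
  "roles" => ["administrator", "manager"],
  "sub" => "1ct7-HTE7-CM5h5H7009_9lRRLdHiAHt1hY30ogqji0",
  "tid" => "6ee623a2-0b05-4ea4-b931-79c555955cb1",
  "ver" => "2.0"
}

# A timestamp between iat and exp stands in for the current time.
{:ok, %{user_params: params}} =
  AzureClaimsExample.split_claims(
    claims,
    "https://login.microsoftonline.com/6ee623a2-0b05-4ea4-b931-79c555955cb1/v2.0",
    "93572ac3-0740-4aa5-ad35-18ba25d5fe22",
    1642462000
  )

IO.inspect(params["roles"], label: "roles passed on as user params")
IO.inspect(Map.has_key?(params, "ver"), label: "token metadata retained?")
```

Passing a different `expected_aud` or a `now` past `exp` returns `{:error, reason}` instead of any params, which is the point of checking before mapping.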

danschultzer commented 2 years ago

v0.2.0 has been released 🎉

albertmoravec commented 2 years ago

Thank you very much!