Open VJalili opened 5 years ago

When I set scopes in my authentication request to `['openid', 'user']`, I get an ID token whose `context` decodes as:

where the `name` field contains the email address, and the `email` field is `null`. I changed the scope to `['openid', 'user', 'email']`, but then I get the `Unauthorized` exception:

https://github.com/uc-cdis/fence/blob/31744be49ec0a56492d6a87a110c5af699f87189/fence/auth.py#L98-L104

because `email` is not a currently supported scope:

https://github.com/uc-cdis/fence/blob/8337488620fad4ea32160d537e73c825cd93d18d/fence/jwt/token.py#L50-L56

I was wondering if you can add support for the `email` scope so a future `context` would decode as:

Hey @VJalili! Thanks for the input. We actually don't support email as a separate field; we bundle all the user info into the `context` field and provide that under the `user` scope. The fact that you're not seeing an email in the `email` field has to do with how we create users for different identity providers. I'm assuming you have Google configured as the IDP, and when we create users from Google profiles, we use their email as their username. It's definitely a valid suggestion for us to also put that in the `email` field for Google as well; I will create a ticket on our end to support this.

We could additionally support the `email` field as the OIDC spec defines, but then the `email` field would end up outside the `context` block, per the spec. Further conformance to the optional features in OIDC is something we are continuing to pursue as well.
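The two claim layouts discussed in this thread, as an added example that is not code from Fence or from either participant: a mock issuer releases either the custom `context.user.name` / `context.user.email` shape under the `user` scope (the shape reported in the issue, assumed here) or the standard top-level `email` and `email_verified` claims under the OIDC `email` scope, and a relying-party helper verifies the token and resolves the address from whichever layout is present. The issuer URL, the `sub` value and HS256 signing with a constructed secret are assumptions so the example runs offline; Fence signs its tokens with RSA keys, so a real client would validate against the JWKS endpoint instead.

```python
"""
Added example, not code from Fence or from anyone in this thread: an OIDC
relying party that verifies an ID token and locates the user's email in it.

It contrasts the two claim layouts the thread discusses:
  * context.user.name carrying the email under the custom "user" scope, with
    context.user.email null (the shape reported in the issue; assumed here);
  * a top-level "email" claim, with "email_verified", released only when the
    standard OIDC "email" scope was granted.

HS256 with a shared secret is used so the example runs offline; Fence signs
with RSA keys, so a real client would fetch the JWKS instead.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"      # constructed for this example only
ISSUER = "https://fence.example.org"     # assumed issuer URL


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(claims: dict) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(mac)


def issue_id_token(username, email, email_verified, scopes, ttl=300):
    """Mock issuer: release claims according to the granted scopes."""
    now = int(time.time())
    claims = {"iss": ISSUER, "sub": "user-42", "iat": now, "exp": now + ttl,
              "scope": " ".join(scopes)}
    if "user" in scopes:
        # Shape reported in the issue (assumed): the Google-derived username
        # is the email address, while the dedicated email field stays null.
        claims["context"] = {"user": {"name": username, "email": None}}
    if "email" in scopes:
        # OIDC Core 5.4: the email scope releases email and email_verified
        # as top-level claims, not inside any vendor-specific block.
        claims["email"] = email
        claims["email_verified"] = email_verified
    return _sign(claims)


def verify_id_token(token):
    """Check structure, alg, signature, issuer and expiry; return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    header = json.loads(_b64url_decode(head))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")   # reject 'none' and alg confusion
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    return claims


def resolve_email(claims):
    """Return (email, verified).

    Prefer the standard top-level claim; only fall back to context.user.name
    when it is shaped like an address, and never mark that fallback verified,
    because a username is not an email assertion by the provider.
    """
    if "email" in claims:
        return claims["email"], bool(claims.get("email_verified"))
    name = claims.get("context", {}).get("user", {}).get("name")
    if isinstance(name, str) and "@" in name:
        return name, False
    return None, False
```

The point of `resolve_email` is the caveat a consumer should apply to the current behaviour: an address found in `context.user.name` is only there because the IDP happened to use it as the username, so treat it as unverified; a top-level `email` claim released under the `email` scope comes with `email_verified` and can be trusted accordingly.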