wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

IDENTITY-7327 IS Extension Points : Adding custom information to user info #5741

Open janakamarasena opened 5 years ago

janakamarasena commented 5 years ago

I have the following use case. I want to add custom information to user info, so I tried to follow the WSO2 documentation and use the IS-provided extension points, especially UserInfoClaimRetriever, which seems to be the correct one to use as stated there:

https://docs.wso2.com/display/IS530/Extension+Points+for+OAuth#ExtensionPointsforOAuth-UserInfoClaimRetriever

The problem is that when I create my own implementation of org.wso2.carbon.identity.oauth.user.UserInfoClaimRetriever and properly configure it in /repository/conf/identity/identity.xml, that extension point is most often not invoked at all.

I went through the WSO2 identity source code to check what was going on and saw that there seem to be restrictions on that extension point being invoked, that is to say:

AuthorizationGrantCache must be enabled in identity.xml, and it seems that not all OAuth communication types raise this extension point. For instance, the password grant type does not raise this extension point whereas the authorization code grant type does. If the AuthorizationGrantCache cache is not enabled, that is to say user attributes are not in the cache, then the extension point mentioned above is never raised and the class org.wso2.carbon.identity.oauth.endpoint.util.ClaimUtil is used to finally query the corresponding user store. I managed to get my custom UserInfoClaimRetriever implementation invoked, but only in the above 1- scenario...

Could you elaborate a bit on that, because I am not sure that is the expected behavior? From the WSO2 IS documentation, the reader expects that the extension point would always be invoked, whatever OAuth communication type is used and whether the cache is enabled or not...

WSO2 documentation says: This extension point can be used if the user claim set returned when invoking '/oauth2/userinfo' resource needs to be modified.

There is no restriction mentioned on a specific context or configuration for that extension point to be used.

Labels: Type: Bug; Priority: Normal; Labels: extension_improvement; Severity: Major; Estimated Complexity: Moderate

Issue migrated from: https://wso2.org/jira/browse/IDENTITY-7327

krishnilak commented 3 years ago

@mefarazath