xperseguers / t3ext-oidc

TYPO3 Extension oidc. This extension uses OpenID Connect to authenticate users.
https://extensions.typo3.org/extension/oidc
GNU General Public License v2.0

[FEATURE] retrieving resource owner from JWT if no oidcEndpointUserInfo is set #127

Open bastiand-12 opened 9 months ago

bastiand-12 commented 9 months ago

I have to deal with a Keycloak provider which doesn't provide an "oidcEndpointUserInfo". Therefore the resourceOwner info is provided via the access token in a so-called JSON Web Token. With this PR I have changed the getUserFromAccessToken() with a few LOCs to handle this.
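The fallback described in the comment above, as an added illustration that is not the t3ext-oidc extension's PHP code: when no userinfo endpoint is configured, the resource owner is read from the claims of the access token, but only after the token's signature, `alg`, `iss`, `aud` and `exp` have been checked, so a forged or `alg=none` token can never populate a TYPO3 user. The shared-secret HS256 signing, the `fetch_userinfo` callback, the issuer/audience values and the set of claims mapped (`sub`, `preferred_username`, `email`, `name`) are all assumptions made for this example; a real Keycloak realm signs with RS256 and publishes its keys via JWKS.

```python
"""Added example (not code from t3ext-oidc): take the resource owner from a
signed JWT access token when no userinfo endpoint is configured."""
import base64
import hashlib
import hmac
import json
import time
from typing import Callable, Optional


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_hs256_jwt(claims: dict, secret: bytes) -> str:
    """Constructed token factory for the example. A provider such as Keycloak
    signs with RS256; HS256 with a shared secret keeps this stdlib-only."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def verify_jwt(token: str, secret: bytes, issuer: str, audience: str,
               now: Optional[int] = None) -> dict:
    """Return the claims only if signature, alg, iss, aud and exp all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm on the verifier side; the token must not choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this client")
    current = now if now is not None else int(time.time())
    if int(claims.get("exp", 0)) <= current:
        raise ValueError("token expired")
    return claims


def resource_owner_from_access_token(token: str, secret: bytes, issuer: str, audience: str,
                                     userinfo_endpoint: Optional[str] = None,
                                     fetch_userinfo: Optional[Callable[[str, str], dict]] = None,
                                     now: Optional[int] = None) -> dict:
    """Prefer the userinfo endpoint when configured; otherwise fall back to the
    verified claims carried in the access token itself."""
    if userinfo_endpoint:
        # fetch_userinfo is an assumed HTTP callback (endpoint URL, bearer token) -> claims.
        return fetch_userinfo(userinfo_endpoint, token)
    claims = verify_jwt(token, secret, issuer, audience, now)
    # Standard OIDC claim names; which ones the extension maps is an assumption here.
    return {key: claims[key] for key in ("sub", "preferred_username", "email", "name") if key in claims}


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    issuer = "https://idp.example/realms/demo"
    token = make_hs256_jwt({"iss": issuer, "aud": "typo3-site", "sub": "f47ac10b",
                            "preferred_username": "alice", "email": "alice@example.org",
                            "exp": 2000000000}, secret)
    print(resource_owner_from_access_token(token, secret, issuer, "typo3-site", now=1700000000))
```

The design point is that the branch order mirrors the PR: the userinfo endpoint stays the primary source and the JWT is consulted only in its absence, and even then nothing from the payload reaches the user record until `verify_jwt` has accepted the token.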

bastiand-12 commented 9 months ago

fixed?

liayn commented 3 months ago

Does this provider conform to standards? Is it allowed to provide the user info via JWT by standards?

bastiand-12 commented 3 months ago

From [1]: They can be requested to be returned either in the UserInfo Response, per Section 5.3.2, or in the ID Token, per Section 2.

[1] https://openid.net/specs/openid-connect-core-1_0.html#Claims

liayn commented 3 months ago

Thanks @bastiand-12, wasn't aware of that.

Also Microsoft is following this approach with their Entra Services. The implementation for this is covered in a dedicated provider though (https://github.com/thenetworg/oauth2-azure).

Still I'd love to see this covered in the extension here as well.

bastiand-12 commented 3 months ago

Yes, there are only a few LOCs, and in my case it has been working since Sep 2023 without any problems. I would be happy if the piece of code was included.