Open bastiand-12 opened 9 months ago
fixed?
Does this provider conform to standards? Is it allowed to provide the user info via JWT by standards?
From [1]: "They can be requested to be returned either in the UserInfo Response, per Section 5.3.2, or in the ID Token, per Section 2."
[1] https://openid.net/specs/openid-connect-core-1_0.html#Claims
Thanks @bastiand-12. Wasn't aware of that.
Also Microsoft is following this approach with their Entra Services. The implementation for this is covered in a dedicated provider though (https://github.com/thenetworg/oauth2-azure).
Still I'd love to see this covered in the extension here as well.
Yes, there are only a few LOC, and in my case it has worked since Sep 2023 without any problems. I would be happy if the piece of code was included.
I have to deal with a Keycloak provider which doesn't provide an "oidcEndpointUserInfo". Therefore the resourceOwner info is provided via the access token in a so-called JSON Web Token. With this PR I have changed getUserFromAccessToken() with a few LOC to handle this.
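An added example, not code from this PR or from the extension: when user data is read from a JWT access token instead of a UserInfo endpoint, the claims are only trustworthy after the signature, issuer, audience and expiry have been checked. `verifiedClaims()`, the issuer URL, client ID and claim values are hypothetical, the key pair is generated on the spot, and RS256 is assumed as the signing algorithm.

```php
<?php
function b64urlDecode(string $s): string
{
    // base64url to base64, restoring the padding that JWTs strip.
    return (string) base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4));
}

// Hypothetical helper: returns the claims only if the token passes every check.
function verifiedClaims(string $jwt, string $pubPem, string $iss, string $aud, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('not a compact JWS');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    // Pin the algorithm instead of trusting the header (rejects "none" and HS256).
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        throw new RuntimeException('unexpected alg');
    }
    if (openssl_verify("$h.$p", b64urlDecode($s), $pubPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $c = json_decode(b64urlDecode($p), true);
    if (!is_array($c) || ($c['iss'] ?? null) !== $iss
        || !in_array($aud, (array) ($c['aud'] ?? []), true)
        || !is_int($c['exp'] ?? null) || $c['exp'] <= $now) {
        throw new RuntimeException('iss/aud/exp check failed');
    }
    return $c;
}

// Constructed demo data: throwaway key and token, generated locally.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub = openssl_pkey_get_details($key)['key'];
$enc = fn(string $b): string => rtrim(strtr(base64_encode($b), '+/', '-_'), '=');
$claims = ['iss' => 'https://idp.example/realms/demo', 'aud' => 'my-client',
           'exp' => time() + 300, 'sub' => 'u-123', 'email' => 'alice@example.org'];
$input = $enc(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.' . $enc(json_encode($claims));
openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
$jwt = $input . '.' . $enc($sig);
echo verifiedClaims($jwt, $pub, $claims['iss'], 'my-client', time())['email'], "\n";

// The same token with its payload swapped after signing must be rejected.
[$h, , $s] = explode('.', $jwt);
$forged = $h . '.' . $enc(json_encode(['email' => 'admin@example.org'] + $claims)) . '.' . $s;
try {
    verifiedClaims($forged, $pub, $claims['iss'], 'my-client', time());
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In a real deployment the public key comes from the identity provider's published signing keys rather than being generated next to the token.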