Closed Emi94 closed 2 years ago
I've tried to look at https://github.com/zorn-v/nextcloud-social-login/blob/master/lib/Provider/CustomOAuth2.php to understand how to do what I need and doing something like:
```php
// Copy the nested CAS attributes onto the top-level profile fields.
$response->displayName = $response->attributes->displayName;
$response->email = $response->attributes->email;
```
Allows social login to recognize the displayName and email, where "attributes" is taken from what CAS returns. But this is more like a little hack. Is there a way to do this from the web interface that I don't see, or does this require the app to be modified?
OAuth2 fields (claims) are not standardized, so we have what we have. My proposal is to configure it as an OIDC provider, not OAuth2. It seems Apereo CAS supports it: https://apereo.github.io/cas/5.0.x/installation/OIDC-Authentication.html
@zorn-v Would you accept a pull request from one of our team's devs with a solution?
Discourse, for example, allows custom mapping of email and displayName to what the OAuth2 provider returns. So in my case I used "attributes.email" and "attributes.displayName". Not sure how it is implemented as I'm not really a dev and didn't take a look, but there are solutions.
Also, I know CAS also supports OIDC, but can you please tell me why should I try it? Never worked with OIDC and don't know much about it.
> but can you please tell me why should I try it?

It works in a more "standardized" way, e.g. standard field names (like display name, picture, user identifier, etc.) that it returns. OIDC is like an OAuth extension.
Just when I wanted to start testing with OIDC, I came across an option for OAuth2 on CAS to "flatten" the attributes returned so it would look like:
```json
{
  "displayName": "Emilian Test",
  "email": "emilian.mitocariu@domain.com",
  "oauthClientId": "MyClientID",
  "service": "MyClientID",
  "id": "emilian.test",
  "client_id": "MyClientID"
}
```
This solves my problem :smiley:, so I'll close this issue
PS: in case someone has the same problem with CAS and social login, this is the config:
```properties
cas.authn.oauth.user-profile-view-type=FLAT
```
(NESTED being the default value)
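The claim mapping discussed in this thread (dotted paths such as `attributes.email` for the NESTED view, plain names for FLAT), as an added PHP example that is not part of the thread or of the nextcloud-social-login code. `resolveClaim`, `mapProfile`, the `$map` layout and both sample profiles are constructed for illustration, and the nested shape is assumed from the `$response->attributes->email` access quoted earlier; a missing, non-string or malformed claim is rejected instead of producing an account with empty identity fields.

```php
<?php
declare(strict_types=1);

// Walk a dotted path such as "attributes.email" through a decoded profile.
// Returns null when a segment is missing or the leaf is not a non-empty string.
function resolveClaim(array $profile, string $path): ?string
{
    $node = $profile;
    foreach (explode('.', $path) as $key) {
        if (!is_array($node) || !array_key_exists($key, $node)) {
            return null;
        }
        $node = $node[$key];
    }
    return is_string($node) && $node !== '' ? $node : null;
}

// Map a profile to login fields and fail closed on any bad claim.
// $map is hypothetical configuration: field name => dotted path.
function mapProfile(string $json, array $map): array
{
    $profile = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($profile)) {
        throw new UnexpectedValueException('profile is not a JSON object');
    }
    $out = [];
    foreach ($map as $field => $path) {
        $value = resolveClaim($profile, $path);
        if ($value === null) {
            throw new UnexpectedValueException("claim '$path' missing or not a string");
        }
        $out[$field] = $value;
    }
    if (isset($out['email']) && filter_var($out['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new UnexpectedValueException('email claim is not a valid address');
    }
    return $out;
}

// Constructed sample profiles; values reuse the FLAT example from the thread.
$nested = '{"id":"emilian.test","client_id":"MyClientID","attributes":'
        . '{"displayName":"Emilian Test","email":"emilian.mitocariu@domain.com"}}';
$flat = '{"id":"emilian.test","client_id":"MyClientID",'
      . '"displayName":"Emilian Test","email":"emilian.mitocariu@domain.com"}';

$nestedMap = ['identifier' => 'id', 'displayName' => 'attributes.displayName', 'email' => 'attributes.email'];
$flatMap = ['identifier' => 'id', 'displayName' => 'displayName', 'email' => 'email'];

// Both view types yield the same mapped identity once the paths match the shape.
var_dump(mapProfile($nested, $nestedMap) === mapProfile($flat, $flatMap));
```

Applying `$flatMap` to the nested profile throws on `displayName`, which is the failure mode the original question describes, surfaced as an error rather than an empty field.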
Hi, I've set a custom OAuth2 with an instance of Apereo CAS and login works. But I can't set it to recognize the user email and displayName.
This is how I set it (I've tried multiple combinations for "Scope" and "Profile Fields"):

![image](https://user-images.githubusercontent.com/11816318/124441895-dc841f80-dd84-11eb-9573-54587ed1269e.png)
And this is what CAS returns:
My guess is either "Scope" or "Profile Fields" needs some values, but not sure what they should be since they are not documented. Can you give me some pointers please?