diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go
index 92b16fdf5f42..f56fe77f1f6d 100644
--- a/selfservice/strategy/oidc/provider_config.go
+++ b/selfservice/strategy/oidc/provider_config.go
@@ -70,9 +70,10 @@ type Configuration struct {
 Tenant string `json:"microsoft_tenant"`
 // SubjectSource is a flag which controls from which endpoint the subject identifier is taken by microsoft provider.
- // Can be either `userinfo` or `me`.
+ // Can be either `userinfo` or `me` or `oid`.
 // If the value is `userinfo` then the subject identifier is taken from sub field of userinfo standard endpoint response.
 // If the value is `me` then the `id` field of https://graph.microsoft.com/v1.0/me response is taken as subject.
+ // If the value is `oid` then the the oid (Object ID) is taken to identify users across different services.
 // The default is `userinfo`.
 SubjectSource string `json:"subject_source"`
diff --git a/test/e2e/shared/config.d.ts b/test/e2e/shared/config.d.ts
index 9f3d60368bc7..0b1b53278107 100644
--- a/test/e2e/shared/config.d.ts
+++ b/test/e2e/shared/config.d.ts
@@ -271,7 +271,7 @@ export type AzureADTenant = string
 /**
 * Controls which source the subject identifier is taken from by microsoft provider. If set to `userinfo` (the default) then the identifier is taken from the `sub` field of OIDC ID token or data received from `/userinfo` standard OIDC endpoint. If set to `me` then the `id` field of data structure received from `https://graph.microsoft.com/v1.0/me` is taken as an identifier.
 */
-export type MicrosoftSubjectSource = "userinfo" | "me"
+export type MicrosoftSubjectSource = "userinfo" | "me" | "oid"
 /**
 * Apple Developer Team ID needed for generating a JWT token for client secret
 */
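Review bot: The added `oid` line in the SubjectSource comment repeats a word ("the the") and, unlike the `userinfo` and `me` lines, does not say where the value is read from or what its scope is. Microsoft's `oid` is the same for a user across every application in a tenant (where `sub` is pairwise per application) and a guest user has a different `oid` in each tenant, so the comment should name the source and note that in multi-tenant setups the identifier is only unique together with the tenant. It should also say that changing `subject_source` on a provider that already has linked identities changes the subject those identities are matched on; roughly `// If the value is oid then the oid (Object ID) claim is taken as subject; it is stable across applications within one tenant.`, with the source filled in from the implementation, which is not in this hunk. The description above `MicrosoftSubjectSource` in config.d.ts still documents only `userinfo` and `me`, so presumably the schema description it is generated from needs the same addition. The Configuration struct starts and ends outside the hunk.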