[FEATURE] retrieving resource owner from JWT if no oidcEndpointUserInfo is set #127
Conversation
…pointUserInfo is set
| return false; | ||
| } | ||
| } else { | ||
| $this->logger->debug('UserInfo Endpoint is not set, retrie resource owner form JSON Web Token'); |
There was a problem hiding this comment.
retrieVE resource owner fROm
| } else { | ||
| $this->logger->debug('UserInfo Endpoint is not set, retrie resource owner form JSON Web Token'); | ||
| $jwt = $accessToken->getToken(); | ||
| $jwtDecoded = base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $jwt)[1]))); |
There was a problem hiding this comment.
missing blank spaces on that line between some arguments.
|
fixed? |
|
Does this provider conform to standards? Is it allowed to provide the user info via JWT by standards? |
|
from [1]: [1] https://openid.net/specs/openid-connect-core-1_0.html#Claims |
|
Thanks @bastiand-12 Also Microsoft is following this approach with their Entra Services. Still I'd love to see this covered in the extension here as well. |
|
yes, there are only a few loc's and in my case it works since Sep 2023 without any problems. |
liayn
changed the title
liayn
changed the title
i have to deal with a keycloak provider which doesn't provide an "oidcEndpointUserInfo".
Therefor the resourceOwner Info is provided via the access Token in a so called JSON Web Token.
with this PR i have changed the getUserFromAccessToken() with a few LOCs to handle this.