-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] retrieving resource owner from JWT if no oidcEndpointUserInfo is set #127
base: master
Are you sure you want to change the base?
Conversation
…pointUserInfo is set
return false; | ||
} | ||
} else { | ||
$this->logger->debug('UserInfo Endpoint is not set, retrie resource owner form JSON Web Token'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
retrieVE resource owner fROm
} else { | ||
$this->logger->debug('UserInfo Endpoint is not set, retrie resource owner form JSON Web Token'); | ||
$jwt = $accessToken->getToken(); | ||
$jwtDecoded = base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $jwt)[1]))); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing blank spaces on that line between some arguments.
fixed? |
Does this provider conform to standards? Is it allowed to provide the user info via JWT by standards? |
from [1]: [1] https://openid.net/specs/openid-connect-core-1_0.html#Claims |
Thanks @bastiand-12 Also Microsoft is following this approach with their Entra Services. Still I'd love to see this covered in the extension here as well. |
yes, there are only a few loc's and in my case it works since Sep 2023 without any problems. |
i have to deal with a keycloak provider which doesn't provide an "oidcEndpointUserInfo".
Therefor the resourceOwner Info is provided via the access Token in a so called JSON Web Token.
with this PR i have changed the getUserFromAccessToken() with a few LOCs to handle this.