Comments (4)
The spec has this to say:
http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
The Claims requested by the
profile
,address
, andphone
scope values are returned from the UserInfo Endpoint, as described in Section 5.3.2, when aresponse_type
value is used that results in an Access Token being issued. However, when no Access Token is issued (which is the case for theresponse_type
valueid_token
), the resulting Claims are returned in the ID Token.
This is currently not implemented, i.e. additional claims are always returned from the UserInfo endpoint. We also don't support response_type=id_token
yet, or the claims
parameter which would allow the client to specify where each claim should be returned (see http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).
I don't have any plans to implement this yet, but I want to improve the UserInfo endpoint so it filters any Standard Claims that aren't covered by the requested scopes.
from doorkeeper-openid_connect.
https://github.com/aisensiy/doorkeeper-openid_connect I have a fork and implement a way to extend the claims in id token.
from doorkeeper-openid_connect.
See related discussion in #40
from doorkeeper-openid_connect.
Also note that support for response_type=id_token
was added recently in #45
from doorkeeper-openid_connect.
Related Issues (20)
- Overriding AuthorizationsController in Development Mode HOT 2
- Can `.well-known/openid-configuration` return an alternate uri for `jwks_uri` HOT 1
- fix issuer {} for `.well-known/openid-configuration` using blocks HOT 1
- Is it possible to configure and use Authentication Context Class References?
- `/.well-known/openid-configuration` crashes when `Doorkeeper.config.allow_token_introspection` is false HOT 1
- Shouldn't controllers inherit `Doorkeeper::ApplicationMetalController`? HOT 1
- Using `root_url` in `#webfinger_response` can violate specification
- `access_grant_class` is broken. HOT 7
- Possible to disable `client_secret_basic` for `token_endpoint_auth_methods_supported`?
- RP-initiated logout post_logout_redirect_uri is not validatable
- Broken with Doorkeeper v5.6.3
- uninitialized constant Doorkeeper::JWT::JWK in 1.8.4 HOT 8
- OpenID working with rails app HOT 5
- Support for sessions and session_state HOT 1
- Support multiple devise models
- `kid` value in headers in different format after upgrading from 1.8.3 to 1.8.5 HOT 2
- Missing v1.8.5 tag HOT 2
- NameError: uninitialized constant Doorkeeper::JWT::JWK HOT 6
- kid is different for different versions of doorkeeper-openid_connect HOT 1
- Certificate verify failed from SSL
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from doorkeeper-openid_connect.