Project

General

Profile

Actions

Feature #17037

open

[controller] Improve use of given_name/family_name fields for generic OpenID Connect providers

Added by Tom Clegg almost 4 years ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Login
Target version:
Story points:
-
Release:
Release relationship:
Auto

Description

Current behavior:
  • when Google People API is in play, get "given_name" and "family_name" fields from the People API response.
  • otherwise, use the "name" field from the ID token returned from access token verification, and split on whitespace.
Desired behavior:
  • before falling back to the "name" field in the ID token, check whether "first_name" and "family_name" are available from the userinfo endpoint, and use them if so.

Additionally, although "given_name", "family_name", and "name" are all standard claims we could make the claim names configurable, in case some providers only offer this info in non-standard claims.


Related issues

Related to Arvados - Feature #16669: Accept OpenID Connect access tokenResolvedTom Clegg09/24/2020Actions
Actions #1

Updated by Tom Clegg almost 4 years ago

  • Description updated (diff)
Actions #2

Updated by Tom Clegg almost 4 years ago

Actions #3

Updated by Peter Amstutz over 1 year ago

  • Release set to 60
Actions #4

Updated by Peter Amstutz 7 months ago

  • Target version set to Future
Actions

Also available in: Atom PDF