Project

General

Profile

Actions
Copy link

Feature #17037

open

[controller] Improve use of given_name/family_name fields for generic OpenID Connect providers

Added by Tom Clegg over 3 years ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Login
Target version:
Future
Story points:
-
Release:
Postponed
Release relationship:
Auto

Description

Current behavior:
  • when Google People API is in play, get "given_name" and "family_name" fields from the People API response.
  • otherwise, use the "name" field from the ID token returned from access token verification, and split on whitespace.
Desired behavior:
  • before falling back to the "name" field in the ID token, check whether "first_name" and "family_name" are available from the userinfo endpoint, and use them if so.

Additionally, although "given_name", "family_name", and "name" are all standard claims we could make the claim names configurable, in case some providers only offer this info in non-standard claims.

Related issues

Related to Arvados - Feature #16669: Accept OpenID Connect access tokenResolvedTom Clegg09/24/2020Actions
Actions
Copy link
 #1

Updated by Tom Clegg over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Tom Clegg over 3 years ago

Actions
Copy link
 #3

Updated by Peter Amstutz about 1 year ago

  • Release set to 60
Actions
Copy link
 #4

Updated by Peter Amstutz about 2 months ago

  • Target version set to Future
Actions
Copy link

Also available in: Atom PDF