Feature #17037

[controller] Improve use of given_name/family_name fields for generic OpenID Connect providers

Added by Tom Clegg over 1 year ago. Updated over 1 year ago.

Status: New
Priority: Normal
Assigned To: -
Category: Login
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Story points: -

Description

Current behavior:
  • when Google People API is in play, get "given_name" and "family_name" fields from the People API response.
  • otherwise, use the "name" field from the ID token returned from access token verification, and split on whitespace.
Desired behavior:
  • before falling back to the "name" field in the ID token, check whether "first_name" and "family_name" are available from the userinfo endpoint, and use them if so.

Additionally, although "given_name", "family_name", and "name" are all standard claims, we could make the claim names configurable, in case some providers only offer this info in non-standard claims.
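The fallback order requested above, with configurable claim names, could look like the following Go sketch. It is an added example, not code from Arvados or from the issue author. The `ClaimNames` type, `ResolveName`, the rule that both userinfo claims must be present, and the rule that the last word of "name" is the family name are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ClaimNames holds the claim names to read (hypothetical config, not Arvados's own).
type ClaimNames struct {
	Given, Family, Full string
}

// DefaultClaimNames uses the standard OpenID Connect claim names.
var DefaultClaimNames = ClaimNames{Given: "given_name", Family: "family_name", Full: "name"}

// stringClaim returns a trimmed string claim, or "" if it is absent or not a
// string. Claims are provider-supplied JSON, so the type is not guaranteed.
func stringClaim(claims map[string]interface{}, key string) string {
	s, _ := claims[key].(string)
	return strings.TrimSpace(s)
}

// ResolveName prefers the given/family claims from the userinfo response and
// falls back to splitting the ID token's full-name claim on whitespace.
func ResolveName(userinfo, idToken map[string]interface{}, cn ClaimNames) (first, last string) {
	first, last = stringClaim(userinfo, cn.Given), stringClaim(userinfo, cn.Family)
	if first != "" && last != "" { // assumption: both must be present to be used
		return first, last
	}
	// Fallback (assumption): the last whitespace-separated word is the family name.
	words := strings.Fields(stringClaim(idToken, cn.Full))
	switch len(words) {
	case 0:
		return "", ""
	case 1:
		return words[0], ""
	}
	return strings.Join(words[:len(words)-1], " "), words[len(words)-1]
}

func main() {
	// Constructed sample responses, not captured from a real provider.
	userinfo := map[string]interface{}{"given_name": "Ada", "family_name": "King Lovelace"}
	idToken := map[string]interface{}{"name": "Ada King Lovelace"}
	fmt.Println(ResolveName(userinfo, idToken, DefaultClaimNames)) // userinfo claims win
	fmt.Println(ResolveName(nil, idToken, DefaultClaimNames))      // falls back to "name"
}
```

With the constructed input, the userinfo claims keep the multi-word family name intact, while the whitespace fallback splits the same person's name differently, which is the ambiguity the userinfo lookup avoids.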


Related issues

Related to Arvados - Feature #16669: Accept OpenID Connect access token (Resolved, 09/24/2020)

History

#1 Updated by Tom Clegg over 1 year ago

  • Description updated (diff)

#2 Updated by Tom Clegg over 1 year ago
