Supporting IdPs that only have "sub" claims in UserInfo (continuing #310) #367
Not all IdPs provide a `username` or `email` claim in the UserInfo response.
I'm sorry for all the dumb commits and merge conflicts, I shoulda rebased off master, realized the PR I based this off of was outdated. I'm still learning the finer points of go modules.
Saw your remediation of the jwt library, so I'm not too worried about the WhiteSource CVE. PS: I'm deep in OIDC/OAuth specs nowadays, and the "audience can be a string, or array of strings" is an all-timer crazy decision. Sure, looks like a minor thing, just some extra brackets in some json. But I've come across so many implementations of trying to map that laissez-faire json to an object and none of them are great. It's a tricky problem to solve!
This is probably horribly out of date now
Picking up PR #310

Had to make a couple of fixes to get `go get` to work with hcl/printer, and then had to update vegeta. But I built a docker container, ran this against my custom OIDC that only gives `sub` back on UserInfo, and it works like a dream!

Tagging @bnfinet, their enthusiasm and kindness made me wanna put in some effort to make this change happen!
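
Both points raised in this thread, a UserInfo response that carries only `sub` and an `aud` claim that arrives as either a string or an array, can be handled when the JSON is decoded. The Go example below is added here and is not code from this PR or from the project; the `Audience` and `Claims` types, the `Identity` function and the username, email, `sub` preference order are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Audience accepts both JSON forms of "aud": one string or an array of strings.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil && one != "" {
		*a = Audience{one}
		return nil
	}
	var many []string // null gives an empty list; "" or any other type is an error
	err := json.Unmarshal(b, &many)
	*a = many
	return err
}

// Claims is a hypothetical struct for this example, not the project's own type.
type Claims struct {
	Sub      string   `json:"sub"`
	Username string   `json:"username"`
	Email    string   `json:"email"`
	Aud      Audience `json:"aud"`
}

// Identity prefers username, then email, then sub (assumed order). sub is unique only per issuer.
func Identity(raw []byte) (string, Audience, error) {
	var c Claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return "", nil, err
	}
	if c.Sub == "" {
		return "", nil, fmt.Errorf("UserInfo response has no sub claim")
	}
	for _, v := range []string{c.Username, c.Email} {
		if v != "" {
			return v, c.Aud, nil
		}
	}
	return c.Sub, c.Aud, nil
}

func main() { // constructed sample: IdP returns only sub, aud is a bare string
	fmt.Println(Identity([]byte(`{"sub":"248289761001","aud":"client-a"}`)))
}
```

Because `sub` is only guaranteed unique within one issuer, anything that stores the returned identity as a key should pair it with the issuer.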