[feature] OIDC: support identity providers without name in id_token #309
Comments
Yes :) I got OIDC in as quickly as possible a while ago because I wanted to be able to use Dex as an OIDC provider, but after getting it working I didn't test it with other providers. I think one solution here--rather than having separate interfaces per-provider--would be to allow more granular configuration under the |
tsmethurst
added
bug
|
Problem for Gitlab is, it does not provide the name in the I've seen something like a common base class and implementations for different provider quirks (yeah, for me they are quirks - maybe I'll go fix gitlab in this regard) and let the user choose one of that quite often - like in Gitlab's Omniauth |
|
We could add a config |
|
Just looked at the OIDC spec to find if I think I can build something to retrieve the additional claims from that route when some are missing :) |
tsmethurst
changed the title
|
Closed by accident! |
While trying to configure GTS to use my personal Gitlab as OIDC provider, it failed authenticating me since Gitlab does not set a
Nameclaim in theid_token. For now I patched my local code to use the local part of theEMailclaim instead, but this is only a hacky workaround.Is proper support for such IDPs wanted? I guess some kind of IDP interface to handle such quirks would be a good way to tackle this, users then configuring which kind of IDP it is (
Generic,Gitlab, ..) and the Gitlab implementation would make an API call to get the name.The text was updated successfully, but these errors were encountered: