[openstreetmap/openstreetmap-website] Add openid connect support using doorkeeper-openid_connect gem (PR #4226)

Milan Cvetkovic notifications at github.com
Wed Sep 6 11:02:14 UTC 2023


@milan-cvetkovic commented on this pull request.



> +  #   normal_claim :_foo_ do |resource_owner|
+  #     resource_owner.foo
+  #   end
+
+  #   normal_claim :_bar_ do |resource_owner|
+  #     resource_owner.bar
+  #   end
+  # end
+
+  claims do
+    claim :preferred_username, :scope => :openid do |resource_owner, _scopes, _access_token|
+      # Pass the resource_owner's preferred_username if the application has
+      # `profile` scope access. Otherwise, provide a more generic alternative.
+      resource_owner.display_name
+    end
+  end
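
Review bot: The comment inside the `preferred_username` claim block does not match the code. It says the value is passed only when the application has `profile` scope access, with a generic alternative otherwise, but the claim is declared with `:scope => :openid` and returns `resource_owner.display_name` unconditionally, leaving `_scopes` unused. Because this block decides which user data a client receives under which scope, either reword the comment to say the display name is released to any client granted `openid`, or move the claim under the scope the comment names.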

`email` claim would normally go to `email` scope.

I was reluctant to offer an email claim and scope due to it not being public information on OSM. If we add it, it appears that an application would be able to collect emails of OSM users, although with the user's permission.

As for `profile`, I am guessing you had `profile` scope in mind, rather than claim. I wasn't really sure what claims to put into it.

`preferred_username` is sort of basic information, so I put it together with userid.

We could put other public information available in the `/api/0.6/user/1.json` endpoint as part of the `profile` scope. I didn't do it in this run, to simplify the PR. Also, I am not too sure how privileged accounts work (or should work) with OAuth.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4226#discussion_r1317111955