[openstreetmap/openstreetmap-website] Add openid connect support using doorkeeper-openid_connect gem (PR #4226)
Milan Cvetkovic
notifications at github.com
Thu Sep 7 17:06:59 UTC 2023
@milan-cvetkovic commented on this pull request.
> @@ -27,12 +27,36 @@
end
claims do
- claim :preferred_username, :scope => :openid do |resource_owner, _scopes, _access_token|
+ claim :preferred_username, :response => [:id_token, :user_info] do |resource_owner, _scopes, _access_token|
I am a bit puzzled here too - some libraries ask for both "openid profile" scopes by default, and then the client app would add additional scopes to that. If we only have "openid" scope that would fail - the client app would have to do extra effort to remove "profile". I do not think this is mandated by the spec, but I guess most of the providers (if not all) offer both `openid` and `profile` scopes. They often put quite a bit of information from profile which is not required into id_token even though it is not required to be there (`name`, `email`, `preferred_name` often go to id_token...
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4226#discussion_r1318900619
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4226/review/1615897082 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230907/181e31f8/attachment.htm>
More information about the rails-dev
mailing list