-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
user profiles API for Oauth2 (maybe common)? #405
Comments
Hi Paulo, That's a good idea. We looked some time ago into having an easy way to get a user's email regardless of the authentication method, so what you're suggesting would be quite handy for that purpose. Maybe call it BasicProfile to emphasize it's not meant to be everything and have all authn providers support it via custom queries. |
I just realized that we already support some of this. It is called The reason for this data object is that IdP do not "standardize" on common claims, so we could have a data object with:
Now, as some providers supply As an example see: https://developers.google.com/identity/protocols/oauth2/openid-connect#obtainuserinfo So the The work is now on writting default transformations for the existing configs we have: And how to ensure that the transformers are used with probably an extra setter on the OAuth2Auth interface. |
Further thinking about the issue, instead of having an extra data object, the given properties should be added as read only properties to the The properties can be evaluated as:
|
normalize the attributes layout and extract the userInfo specific att…
Many of the oauth2 providers out there, have an extra API to fetch a user profile. A user profile usually contains:
How interesting would it be to have a DataObject with this type safe structure and an extra method on the Oauth2 provider to fetch the profile?
Perhaps we could even "standardize" on the other providers to also have this? for example, jdbc/sql/mongo could have an extra optional query to fetch this data?
The reason for the parameter is that we can use it to fetch the data directly if in the attributes/principal or using the knowledge on the provider fetch the user specific data using its unique identifier.
As it is being described here, it's a purely fetch, there is no intent to create a full CRUD api for it.
/cc @stephanebastian @jponge @francoisprunier
The use case I can see for this is building webapps, where in many cases it is common to have a menu with the picture of the user and at least this information. Having it as a common API could simplify this use case.
The text was updated successfully, but these errors were encountered: