user profiles API for Oauth2 (maybe common)? #405

Closed
pmlopes opened this issue Aug 4, 2020 · 3 comments · Fixed by #427

Comments

@pmlopes
Contributor

pmlopes commented Aug 4, 2020

Many of the oauth2 providers out there have an extra API to fetch a user profile. A user profile usually contains:

  • username
  • name
  • email
  • photo

How interesting would it be to have a DataObject with this type-safe structure and an extra method on the Oauth2 provider to fetch the profile?

void fetchProfile(User user);

Perhaps we could even "standardize" on the other providers to also have this? For example, jdbc/sql/mongo could have an extra optional query to fetch this data?

The reason for the parameter is that we can use it to fetch the data directly if it is in the attributes/principal or, using the knowledge of the provider, fetch the user-specific data using its unique identifier.

As it is being described here, it's purely a fetch; there is no intent to create a full CRUD API for it.

/cc @stephanebastian @jponge @francoisprunier

The use case I can see for this is building webapps, where in many cases it is common to have a menu with the picture of the user and at least this information. Having it as a common API could simplify this use case.

@francoisprunier
Contributor

Hi Paulo,

That's a good idea.

We looked some time ago into having an easy way to get a user's email regardless of the authentication method, so what you're suggesting would be quite handy for that purpose.

Maybe call it BasicProfile to emphasize it's not meant to be everything and have all authn providers support it via custom queries.

@pmlopes pmlopes added this to the 4.0.0 milestone Sep 5, 2020
@pmlopes
Contributor Author

pmlopes commented Sep 25, 2020

I just realized that we already support some of this. It is called userInfo as per Oauth2 spec. However, we could indeed define a minimal UserProfile data object, so the API could return it or have some utilities to it.

The reason for this data object is that IdPs do not "standardize" on common claims, so we could have a data object with:

{
  id, // as some IdP use: user_id, sub, id, etc...
  name, // some IdP split first_name, last_name and name
  email, 
  picture, // some IdP return a profile link to a picture
}

Now, as some providers supply id tokens, we could pre-populate this info from there and have it on the user object already, and the call would only ensure that we use the specific endpoint to fetch the full info.

As an example see: https://developers.google.com/identity/protocols/oauth2/openid-connect#obtainuserinfo

So the UserInfo (or profile) data object should have the properties defined above and probably should extend JsonObject so we could accommodate any IdP specific properties too.

The work is now on writing default transformations for the existing configs we have:

https://github.com/vert-x3/vertx-auth/tree/master/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/providers

And how to ensure that the transformers are used with probably an extra setter on the OAuth2Auth interface.

@pmlopes
Contributor Author

pmlopes commented Oct 6, 2020

Further thinking about the issue, instead of having an extra data object, the given properties should be added as read-only properties to the User interface, and the values should be read from the attributes() property.

The properties can be evaluated as:

  • id: attributes.{id, sub, account_id, nickname}
  • name: attributes.{name, (firstName + ' ' + lastName), username, display_name}
  • email: attributes.{email, login}
  • picture: attributes.{picture, avatar_url, avatarUrl}

pmlopes referenced this issue Oct 12, 2020
normalize the attributes layout and extract the userInfo specific att…
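
The fallback evaluation listed in the last comment, as an added example that is not part of the thread or of vertx-auth: `ProfileClaims`, `first` and `normalize` are hypothetical names, the attributes are modelled as a plain `Map` instead of the project's `JsonObject`, and the two sample maps are constructed. It assumes only scalar (string or number) claim values should be accepted, so a nested object or an empty string from an IdP is skipped and the next candidate is tried.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Added example: ProfileClaims and its methods are hypothetical, not vertx-auth API.
public class ProfileClaims {

  // Returns the first candidate key that holds a non-blank scalar (String or Number).
  // Objects, arrays, booleans and blank strings are skipped (assumption of this example).
  static Optional<String> first(Map<String, Object> attrs, List<String> keys) {
    for (String key : keys) {
      Object v = attrs.get(key);
      if (v instanceof String || v instanceof Number) {
        String s = v.toString().trim();
        if (!s.isEmpty()) return Optional.of(s);
      }
    }
    return Optional.empty();
  }

  static Map<String, String> normalize(Map<String, Object> attrs) {
    Map<String, String> out = new LinkedHashMap<>();
    first(attrs, List.of("id", "sub", "account_id", "nickname")).ifPresent(v -> out.put("id", v));
    // name: "name", then firstName + ' ' + lastName, then username, display_name
    Optional<String> name = first(attrs, List.of("name"));
    if (name.isEmpty()) {
      Optional<String> fn = first(attrs, List.of("firstName"));
      Optional<String> ln = first(attrs, List.of("lastName"));
      if (fn.isPresent() && ln.isPresent()) name = Optional.of(fn.get() + " " + ln.get());
    }
    if (name.isEmpty()) name = first(attrs, List.of("username", "display_name"));
    name.ifPresent(v -> out.put("name", v));
    first(attrs, List.of("email", "login")).ifPresent(v -> out.put("email", v));
    first(attrs, List.of("picture", "avatar_url", "avatarUrl")).ifPresent(v -> out.put("picture", v));
    return out;
  }

  public static void main(String[] args) {
    // Constructed sample attribute sets shaped like two different IdP responses.
    Map<String, Object> oidc = Map.of("sub", "1234", "name", "Ada L.",
        "email", "ada@example.com", "picture", "https://example.com/a.png");
    Map<String, Object> other = Map.of("id", 42, "nickname", "ada",
        "firstName", "Ada", "lastName", "Lovelace", "login", "ada", "avatar_url", "");
    System.out.println(normalize(oidc));
    System.out.println(normalize(other));
  }
}
```

In the second sample the `email` slot is filled from `login` and is not an address, and `picture` is absent because the only candidate was blank, so the normalized values suit display purposes such as the menu use case, not account linking or authorization decisions.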