Comments (5)
Maybe something like this would work? Get the data from the token and merge it with the existing data. Don't know if there are any edge cases (empty idtoken?) we would need to test.
public function retrieveUserInfo(OidcTokens $tokens): OidcUserData
{
    // Set the authorization header
    $headers = ["Authorization: Bearer {$tokens->getAccessToken()}"];

    // Retrieve the user information and convert the encoding to UTF-8 to harden for surfconext UTF-8 bug
    $jsonData = $this->urlFetcher->fetchUrl($this->getUserinfoEndpoint(), null, $headers);
    $jsonData = mb_convert_encoding($jsonData, 'UTF-8');

    // Read the data
    $userInfoData = json_decode($jsonData, true);

    // Check the data before merging: array_merge() throws a TypeError on a non-array argument
    if (!is_array($userInfoData)) {
        throw new OidcException('Error retrieving the user info from the endpoint.');
    }

    // Get the data from the id_token
    $tokenData = $this->jwtHelper->decodeJwt($tokens->getIdToken(), 1);
    $tokenData = json_decode(json_encode($tokenData), true);

    // Merge both sources; on duplicate keys the user info value overwrites the id_token value
    $data = array_merge($tokenData, $userInfoData);

    return new OidcUserData($data);
}
from symfony-oidc.
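The merge proposed above and the empty-ID-token edge case it raises, as an added example that is not part of the original thread or of the bundle's code. The function names and sample claims are hypothetical, and the sketch assumes the ID token's signature, issuer, audience and expiry were already verified. It also enforces the OpenID Connect Core rule that the UserInfo `sub` must exactly match the ID token `sub` before the UserInfo values are used.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not the bundle's API. Assumes the ID token signature,
// issuer, audience and expiry were already verified before this is called.
function idTokenClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('ID token is empty or not a three-part JWT.');
    }
    // base64url -> base64, then restore the padding that JWTs strip
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $claims = json_decode((string) base64_decode($b64, true), true);
    if (!is_array($claims)) {
        throw new UnexpectedValueException('ID token payload is not a JSON object.');
    }
    return $claims;
}

// Hypothetical merge: rejects a UserInfo response issued for a different subject.
function mergeUserClaims(array $idClaims, mixed $userInfo): array
{
    $sub = $idClaims['sub'] ?? null;
    if (!is_string($sub) || $sub === '') {
        throw new UnexpectedValueException('ID token has no usable sub claim.');
    }
    if (!is_array($userInfo) || ($userInfo['sub'] ?? null) !== $sub) {
        throw new UnexpectedValueException('UserInfo is missing or its sub does not match the ID token.');
    }
    // Design choice of this example: ID token claims win on key collisions.
    return array_merge($userInfo, $idClaims);
}

// Constructed sample data; the signature segment is a placeholder.
$b64url = fn (array $v): string => rtrim(strtr(base64_encode(json_encode($v)), '+/', '-_'), '=');
$idToken = $b64url(['alg' => 'RS256']) . '.'
    . $b64url(['sub' => 'user-123', 'email' => 'alice@example.test']) . '.sig-placeholder';

$claims = idTokenClaims($idToken);
var_dump(mergeUserClaims($claims, ['sub' => 'user-123', 'name' => 'Alice']));

// A UserInfo response for another subject, and a failed JSON decode (null)
foreach ([['sub' => 'user-999', 'name' => 'Mallory'], null] as $bad) {
    try {
        mergeUserClaims($claims, $bad);
    } catch (UnexpectedValueException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```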
Well, what you're looking for is indeed not possible with the current implementation, so you didn't miss something obvious. Only Microsoft did by leaving out the most important user information from the User Info endpoint 😄
To me option 1 seems best, as that would be the nicest point of integration in my opinion without processing the user info data. You can adjust the OidcAuthenticator to retrieve the $userIdentifier from either the $userData as it does now, or to retrieve it from the id token when configured. A new method to retrieve the identifier would be best.
I assume you still need access to the user info to be able to load the rest of the user information, right?
Are you up for a PR? You can look at how the userIdentifierProperty/user_identifier_property has been implemented, and adjust it for a new useIdTokenForUserIdentifier. The retrieval of the correct JWT part can be added to the OidcJwtHelper class, and maybe even refactor this line to use it: https://github.com/Drenso/symfony-oidc/blob/master/src/OidcClient.php#L445.
from symfony-oidc.
Hi Bob,
That seems like fun. I'll try a PR, I have time this Wednesday, so will look into it then.
Thanks,
Albert-Jan
from symfony-oidc.
Fixed with #38, thank you @stevensajw 👍🏻 (and tagged as 2.10.0)
from symfony-oidc.
Learned a lot, thank you :-)
from symfony-oidc.