-
-
Notifications
You must be signed in to change notification settings - Fork 963
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Use id from https://graph.microsoft.com/v1.0/me as oidc subject. #2153
Conversation
Please give your feedback. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! I've got a question
return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) | ||
} | ||
|
||
claims.Subject = user.Id |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the value from the me
endpoint different than the one from the userinfo endpoint?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, they are different. Have checked this with my own account.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you share what their formats look like? And is there no way to get this other ID from the userinfo endpoint?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using an access token with scope [User.Read openid profile email] I receive
- from /userinfo
{
"sub": "AAAAAAAAAAAAAAAAAAAAAENMusLqo_f5vKwPzixWdNS",
"email": "[email protected]",
"picture": "https://graph.microsoft.com/v1.0/me/photo/$value"
}
- from /me
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"displayName": "",
"surname": null,
"givenName": null,
"id": "7wt4391vs271486n",
"userPrincipalName": "[email protected]",
"businessPhones": [],
"jobTitle": null,
"mail": null,
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you, this helps!
e9db8d5
to
b6a2591
Compare
client := o.Client(ctx, exchange) | ||
|
||
u, err := url.Parse("https://graph.microsoft.com/v1.0/me") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note to self: this is not using the resilient client
I tried pushing some changes required for merging the PR to your fork & branch, but it appears that I am not allowed to do so 😕
But the good news is, giving access is easy! If the repository belongs to an organization, please add me for the project as a collaborator! |
b6a2591
to
78de615
Compare
I have invited you as a collaborator to the forked repo. |
Thank you! Could you please also update the docs section ( https://www.ory.sh/kratos/docs/next/guides/sign-in-with-github-google-facebook-linkedin#microsoft ) and include how and when to use this feature? |
88456e0
to
0fbd346
Compare
Ping @splaunov could you please add a section in https://www.ory.sh/docs/kratos/guides/sign-in-with-github-google-facebook-linkedin#microsoft documenting the use of this feature? :) |
Yes, sorry for delay. Will do it end of week. |
great, thank you for the update! |
Docs PR: ory/docs#706 |
Codecov Report
@@ Coverage Diff @@
## master #2153 +/- ##
==========================================
- Coverage 76.65% 76.54% -0.12%
==========================================
Files 318 318
Lines 17272 17297 +25
==========================================
Hits 13240 13240
- Misses 3098 3123 +25
Partials 934 934
Continue to review full report at Codecov.
|
b1bd18f
to
a059b6e
Compare
…crosoft (#2347) Adds the ability to read the OIDC subject ID from the `https://graph.microsoft.com/v1.0/me` endpoint. This introduces a new field `subject_source` to the OIDC configuration. Closes #2153 Co-authored-by: splaunov <[email protected]>
…crosoft (ory#2347) Adds the ability to read the OIDC subject ID from the `https://graph.microsoft.com/v1.0/me` endpoint. This introduces a new field `subject_source` to the OIDC configuration. Closes ory#2153 Co-authored-by: splaunov <[email protected]>
Hello, I am getting the following error when adding subject_source to my OIDC configuration:
Maybe the definitions have not been updated correctly? My configuration looks like this:
EDIT: Looks like this pull request isn't in v0.9.0-alpha.3 |
Correct. To test it right now you should build from head of master. |
…crosoft (ory#2347) Adds the ability to read the OIDC subject ID from the `https://graph.microsoft.com/v1.0/me` endpoint. This introduces a new field `subject_source` to the OIDC configuration. Closes ory#2153 Co-authored-by: splaunov <[email protected]>
Use id from https://graph.microsoft.com/v1.0/me as a subject identifier instead of userinfo sub field.
Related issue(s)
#2150
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security. vulnerability, I
confirm that I got green light (please contact
[email protected]) from the maintainers to push
the changes.
works.
Further Comments