Include entitlements in ID token and UserInfo response #8

Manually merged
ansv7779 merged 2 commits from entitlements-in-id-token into main 2025-05-12 15:11:34 +02:00
Owner

Primary reason for this inclusion is for [Nextcloud social login](https://github.com/zorn-v/nextcloud-social-login/). The login function uses the [OIDC UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) to gather profile data (name/email) as well as a way to assign group memberships in Nextcloud which are based on some attribute in the UserInfo response. We want to use entitlements as a way to assign groups in Nextcloud and therefore the entitlements must be included in the UserInfo endpoint. If they are included in the UserInfo endpoint then it makes sense to also include them in the ID token.
ansv7779 added 2 commits 2025-05-12 14:32:32 +02:00
Include entitlements in id token
All checks were successful
/ build (push) Successful in 2m18s
cee61c73ee
Primarily for Nextcloud social login that can only read data from either the id token or the access token. Since it is public information there is no issue always including it.
Include entitlements claim in user info response
All checks were successful
/ build (push) Successful in 2m17s
7c132395a2
ansv7779 manually merged commit fb3ad6f8ab into main 2025-05-12 15:11:34 +02:00
ansv7779 deleted branch entitlements-in-id-token 2025-05-12 15:11:37 +02:00
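
An added example, not code from this repository or from Nextcloud social login: one way a relying party could turn the entitlements in a UserInfo response into local groups. The claim name `entitlements`, the helper `groups_from_userinfo` and the mapping values are assumptions made for illustration.

```python
# Added example: relying-party handling of an entitlements claim.
# ENTITLEMENTS_CLAIM and GROUP_MAP are assumptions, not taken from the project.

ENTITLEMENTS_CLAIM = "entitlements"  # assumed claim name

# Constructed allow-list: entitlement value -> local group name.
GROUP_MAP = {
    "nextcloud:staff": "staff",
    "nextcloud:admin": "admins",
}


class ClaimError(ValueError):
    """The UserInfo response must not be used for group assignment."""


def groups_from_userinfo(id_token_claims, userinfo, group_map=GROUP_MAP):
    """Return the sorted local groups granted by the UserInfo entitlements."""
    # OIDC Core 5.3.2: the UserInfo "sub" must exactly match the ID token
    # "sub"; if it does not, the UserInfo values must not be used.
    sub = id_token_claims.get("sub")
    if not sub or userinfo.get("sub") != sub:
        raise ClaimError("UserInfo sub does not match ID token sub")

    raw = userinfo.get(ENTITLEMENTS_CLAIM, [])
    if isinstance(raw, str):  # tolerate a single string value
        raw = [raw]
    if not isinstance(raw, list) or not all(isinstance(e, str) for e in raw):
        raise ClaimError("entitlements must be a string or a list of strings")

    # Only allow-listed entitlements become groups; unknown values are ignored
    # so the identity provider cannot name arbitrary local groups.
    return sorted({group_map[e] for e in raw if e in group_map})


if __name__ == "__main__":
    # Constructed sample claims.
    id_token = {"sub": "u-1001", "entitlements": ["nextcloud:staff"]}
    userinfo = {"sub": "u-1001", "name": "Example User",
                "entitlements": ["nextcloud:staff", "wiki:editor"]}
    print(groups_from_userinfo(id_token, userinfo))
```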
Reference: DMC/oauth2-authorization-server#8