Attributes with the type SubjectDerivedAttribute not passed to id_token or userinfo #43
Comments
After reading the doc a little better, I added setToToken="true" to the AttributeEncoder, like this:
In the DEBUG log, I see that the value is encoded into the authorization code, but not in the access token, so it is still not returned by the userinfo endpoint.
With a little more digging:
With the implicit flow, it works as advised: the attributes defined with setToToken are properly encoded inside the token and returned by userinfo. So I really think the problem really is passing the values from the code to the token in the "authorization code" flow.
Finally got this replicated and resolved. Thank you very much for the analysis: in short it was all about token-endpoint ignoring the dl_claims_ui claims encoded in the authorization code. The fix will be released in v1.1.1 and also for IDP4-compatible 2.0.0.
We have some attributes which are passed from the authentication phase and retrieved using the SubjectDerivedAttribute definition.
It works without any problem using SAML. They are also resolved at the "authorize" step.
But the values are not resolved at the token or userinfo steps. There are just 0 values.
An example of the definitions we use: