Feature : Requesting claims using the claims request parameter #308
Comments
From what I understand from reading that thread is that the Here is the configuration I'm using Authorization https://id.twitch.tv/oauth2/authorize When you configure the Twitch IdP you can either just specify I can confirm that the
Here is my configuration: This is sort of strange because
It does look like they document the https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#oidc-authorization-code-flow This page lists out the default claims returned in the Userinfo response, this is consistent with what I'm seeing. https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#claims According to their documentation, we would have to append another parameter to the request to
We don't currently support adding additional request parameters to these requests. This is a documented optional method to allow the caller to request particular claims. It is documented in section 5.5 in the OpenID Connect core spec. https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims We could look at adding this capability so that we can work with Twitch and any other OIDC provider that may utilize this methodology.
@tauinger-de I may have an easy fix for you. As a test, I made a small change to the way we call the Authorize endpoint to allow request parameters to be added to the configured URL. This way, I configured my Twitch IdP as follows for the Authorization endpoint:
I added We should probably support the Looks for Twitch to work in the upcoming patch release.
Good morning, that sounds great! Thanks heaps for your efforts. Have you got a release date in mind?
Opening a separate issue to track this small fix to make Twitch work with our current OpenId Connect configuration. We can use this issue to track the feature to add support for the Issue #309
You're welcome. No date in mind, there are a few minor fixes that I could probably get out in a small release. Maybe yet this week? Do you have an ideal timeline in mind?
Closing this issue, as it seems to be covered by #309.
Need claims in addition to scopes for OpenID Connect
Description
I am trying hard to get Twitch set up as an identity provider. However (as discussed in https://discuss.dev.twitch.tv/t/openid-connect-issues-using-fusionauth-scopes-are-not-provided/22627/3) Twitch doesn't support any other scope than "openid". To get access to the essential "email" claim this must be requested with another "claims" parameter such as
&claims={"id_token":{"email":null,"email_verified":null},"userinfo":{"picture":null}}
To me it seems that FusionAuth does not support this -- which would mean that I cannot employ Twitch as a provider :(
Is there a workaround for this?
Related Specification
https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims section 5.5
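An added example, not part of the issue and not FusionAuth's code: one way a relying party could attach the section 5.5 `claims` parameter to an authorization request while keeping extra query parameters from a configured endpoint URL, without letting those extras override the parameters the client must control. The function names, the reserved-parameter list and the sample client values are assumptions made for this sketch.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameters the client must control; extras on the configured URL may not set them.
RESERVED = {"client_id", "redirect_uri", "response_type", "scope", "state", "nonce"}

def validate_claims(claims):
    """Check the object shape described in OpenID Connect Core section 5.5."""
    if not isinstance(claims, dict) or not claims:
        raise ValueError("claims must be a non-empty JSON object")
    for target, requested in claims.items():
        # Stricter than the spec, which lets providers ignore unknown members.
        if target not in ("userinfo", "id_token"):
            raise ValueError(f"unknown top-level member: {target}")
        if not isinstance(requested, dict):
            raise ValueError(f"{target} must be a JSON object")
        for name, spec in requested.items():
            # A claim is requested with null or with an object (essential/value/values).
            if spec is not None and not isinstance(spec, dict):
                raise ValueError(f"claim {name} must map to null or an object")
    return claims

def build_authorize_url(configured_url, client_id, redirect_uri, state,
                        claims=None, scope="openid"):
    """Return the authorization request URL with every value percent-encoded."""
    parts = urlsplit(configured_url)
    extra = parse_qsl(parts.query, keep_blank_values=True)
    names = {key for key, _ in extra}
    clash = sorted(names & RESERVED)
    if clash:
        raise ValueError(f"configured URL sets reserved parameters: {clash}")
    params = [("client_id", client_id), ("redirect_uri", redirect_uri),
              ("response_type", "code"), ("scope", scope), ("state", state)]
    if claims is not None:
        if "claims" in names:
            raise ValueError("claims supplied both in the URL and as an argument")
        # Compact JSON; urlencode() escapes the braces, quotes and colons.
        body = json.dumps(validate_claims(claims), separators=(",", ":"))
        params.append(("claims", body))
    return urlunsplit(parts._replace(query=urlencode(params + extra)))

# The claims object from the issue description; the client values are constructed.
TWITCH_CLAIMS = {"id_token": {"email": None, "email_verified": None},
                 "userinfo": {"picture": None}}

if __name__ == "__main__":
    print(build_authorize_url("https://id.twitch.tv/oauth2/authorize", "client-123",
                              "https://app.example/callback", "s1", TWITCH_CLAIMS))
```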