Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add a new attribute's type to handle attributes containing JSON data more gracefully in OIDC flows #822
A bit of context:
Currently, if an attribute's type is text, and a JSON object is stored in it, when this attribute's value is included in JSON object of
...is changed into this:
Even if this attribute's value is set via web UI, it's still represented as an JSON in LDAP, so apparently it's re-encoded on the fly when userinfo request is being served.
It's should be noted that it's possible to include enclosed JSON objects into the base JSON object of userinfo response from within dynamic scope script, so technically it shouldn't be that hard to make it properly handle JSON objects persisted in attributes in LDAP as well.
Original ticket where it was reported is here
Add a new attribute's type "JSON" selectable in "Type" dropdown list when it's created/modified, to handle this case more gracefully. If such type is detected when claim's value is being composed, oxAuth will verify it's a valid JSON object and will encode it correspondingly before adding to userinfo's response. Should work both for cases when claims are fetched from userinfo, and when they are included in