New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Work with photo attributes #87

yurem opened this Issue Oct 28, 2015 · 1 comment


None yet
3 participants

yurem commented Oct 28, 2015

There is problem with picture attributes when application request profile scope which contains photo claim. It process this attribute value as ordinary attribute value. As result id_token size is 340Kb. Hence after user authorization redirects not working properly.

I think in all places except user info we need to return path in images repo or picture GUID. But user info endpoint should allows return photo. This endpoint should works without changes.

We need to start work on this issue after resolving: GluuFederation/oxTrust#135


This comment has been minimized.


nynymike commented Oct 28, 2015

It wouldn't make sense to return a path to the user in the id_token. In fact, exposing file system details is problematic for security. Except in the user_info endpoint, we should just not return this user claim.

@willow9886 willow9886 added this to the CE 2.4.1 milestone Nov 18, 2015

@willow9886 willow9886 added the bug label Nov 18, 2015

@willow9886 willow9886 modified the milestones: CE 2.4.2, CE 2.4.1 Dec 23, 2015

@willow9886 willow9886 modified the milestones: CE 2.4.3, CE 2.4.2 Jan 13, 2016

@yurem yurem modified the milestones: CE 2.4.3, CE 2.4.5 Jul 19, 2016

@nynymike nynymike modified the milestones: CE 3.1.0, CE 3.0.0 Nov 29, 2016

@nynymike nynymike modified the milestones: 3.2.0, CE 3.1.0 Apr 7, 2017

@willow9886 willow9886 modified the milestones: 3.2.0, CE 3.2.0 Apr 10, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment