Bug: OpenID Address Claim Does Not Conform to OpenID Standard #1184
Comments
I use the openidconnect library (https://docs.rs/openidconnect/latest/openidconnect/) in Rust.
Quote from https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim:
The Address Claim represents a physical mailing address. Implementations MAY return only a subset of the fields of an address, depending upon the information available and the End-User's privacy preferences. For example, the country and region might be returned without returning more fine-grained address information. Implementations MAY return just the full address as a single string in the formatted sub-field, or they MAY return just the individual component fields using the other sub-fields, or they MAY return both. If both variants are returned, they SHOULD be describing the same address, with the formatted address indicating how the component fields are combined.
Note that openid-connect-core advises the possibility of returning "just the full address as a single string in the formatted sub-field". That is, it is also acceptable to include only the
Therefore, in short, I would consider the previous reverted
@Congyuwang the previous PR was reverted because it has broken all our SDK code. All applications will fail. Can you make a PR to make a perfect fix?
I think I figured out a solution. That is to implement
In the OpenID token, Address should be a JSON object, not an array of strings. This causes more rigorous OpenID client libraries to reject responses from Casdoor. See OpenID Connect 1.0 Spec: https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim
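The shape check a strict client applies to the address claim, as an added Go example that is not part of this thread and is not Casdoor's or the openidconnect crate's code. The names `AddressClaim`, `CheckAddressClaim` and `ErrAddressNotObject` and the sample payloads are assumptions made for illustration, and the payload bytes are assumed to come from a token whose signature was already verified.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// AddressClaim lists the Address Claim sub-fields; all are optional, so only "formatted" is valid.
type AddressClaim struct {
	Formatted     string `json:"formatted,omitempty"`
	StreetAddress string `json:"street_address,omitempty"`
	Locality      string `json:"locality,omitempty"`
	Region        string `json:"region,omitempty"`
	PostalCode    string `json:"postal_code,omitempty"`
	Country       string `json:"country,omitempty"`
}

var ErrAddressNotObject = errors.New("address claim is not a JSON object")
// CheckAddressClaim reads a decoded ID token payload and returns the address
// claim, nil when the claim is absent, or an error when its shape is wrong.
func CheckAddressClaim(payload []byte) (*AddressClaim, error) {
	var claims map[string]json.RawMessage
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, fmt.Errorf("payload is not a JSON object: %w", err)
	}
	raw, ok := claims["address"]
	if !ok {
		return nil, nil
	}
	if len(raw) == 0 || raw[0] != '{' { // array, string, number or null
		return nil, ErrAddressNotObject
	}
	var addr AddressClaim
	if err := json.Unmarshal(raw, &addr); err != nil {
		return nil, fmt.Errorf("address sub-field has the wrong type: %w", err)
	}
	return &addr, nil
}

func main() {
	// Constructed sample payloads, not captured from Casdoor.
	legacy := `{"sub":"u1","address":["Example Street 1","Example City"]}`
	fixed := `{"sub":"u1","address":{"formatted":"Example Street 1, Example City"}}`
	for _, p := range []string{legacy, fixed} {
		addr, err := CheckAddressClaim([]byte(p))
		fmt.Println(addr, err)
	}
}
```

The array form fails with `ErrAddressNotObject`, while the object form carrying only `formatted` is accepted.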