You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This can be triggered by passing claims_in_tokens to the authorization URL. Allowed values are id_token and token, they can also be combined (space-separated).
It would be nice if oidc-agent would directly support attaching these to the authorization_url. Alternatively, adding custom parameters to the authorization_url for such specialized use cases may be a more generic way to implement this.
The text was updated successfully, but these errors were encountered:
I'm aware of this. And indeed I prefer a generic way to add custom parameters.
As a temporary work around you can do the following:
So while the agent currently does not have support for custom parameters. It is still possible to get it working with the agent.
When the authorization url is printed (and automatically opened) - ignore the opened one - copy the printed url and append the parameter, e.g. "&claims_in_tokens=token". Rest as normal. - The ATs obtained from this account config now are fat with the additional parameters.
ignore the opened one - copy the printed url and append the parameter, e.g. "&claims_in_tokens=token". Rest as normal. - The ATs obtained from this account config now are fat with the additional parameters.
Indeed, this is exactly what I am doing right now as workaround — I just wanted to reflect the feature in an issue to get a more streamlined version for the future 😉 . Thanks in advance, also for following up on these developments!
The Unity IAM as used e.g. by the Helmholtz AAI has gained a new extension:
https://github.com/unity-idm/unity/blob/c62f384c5a77556b10491837a76e76ec76ce47de/documentation/src/main/doc/endpoint-oauth.txt#L147-L165
This can be triggered by passing
claims_in_tokens
to the authorization URL. Allowed values areid_token
andtoken
, they can also be combined (space-separated).It would be nice if
oidc-agent
would directly support attaching these to theauthorization_url
. Alternatively, adding custom parameters to theauthorization_url
for such specialized use cases may be a more generic way to implement this.The text was updated successfully, but these errors were encountered: