How to configure user info endpoint to get the user details in implicit code flow? #4217
-
Is your feature request related to a problem? Please describe.
Describe alternatives you've considered |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 5 replies
-
This is a question - moving to github discussion as a "Q&A" topic. |
Beta Was this translation helpful? Give feedback.
-
Hi there, I think I am missing some more context. All the description above sounds quite unrelated to kiali to me. |
Beta Was this translation helpful? Give feedback.
-
Most of the time, I've seen that people get the needed data by adjusting requested scopes. The token that the OpenID Server returns at authentication may not carry user's email unless requested (this depends a lot on the OpenID server config). If you want the e-mail, I think you need to request the "email" scope (which is a default if no scopes are configured in the KialiCR). So, I suggest you to double-check what scopes you have configured (if any). The problem with implicit flow is that some openid providers choose to trim down claims to provide a token that can fit in the URL (with good reason). So, there is a chance that you will need to switch to the authorization code flow to have the e-mail. Kiali is currently not using the user info endpoint. So, it's also unaware of it. From the OpenID Spec I see the UserInfo Endpoint uses the Honestly, I think it's better to switch to I can meet with you if you are willing to contribute with this work. |
Beta Was this translation helpful? Give feedback.
Most of the time, I've seen that people get the needed data by adjusting requested scopes.
The token that the OpenID Server returns at authentication may not carry user's email unless requested (this depends a lot on the OpenID server config). If you want the e-mail, I think you need to request the "email" scope (which is a default if no scopes are configured in the KialiCR). So, I suggest you to double-check what scopes you have configured (if any). The problem with implicit flow is that some openid providers choose to trim down claims to provide a token that can fit in the URL (with good reason). So, there is a chance that you will need to switch to the authorization code flow to have t…