User Identity Improvements #3513

Merged
merged 1 commit into from
Nov 29, 2023
Conversation

sbwalker
Member

@sbwalker sbwalker commented Nov 29, 2023

This PR contains a number of improvements in the User Identity area:

  • Allow OAuth2 configuration to specify Role and Profile claim types - previously this was only supported for OIDC; however, user info endpoints can return this information for OAuth2 as well
  • Add Name Claim Type - this is a very common claim and is useful when identifying a user and creating a user account
  • Remove Email Claim requirement - some IDPs do not return an email address, but the system should still allow an external user to log in and then provide their email address afterward
  • Email Address entry flow - once a user logs in, the system will redirect the user to the User Profile if their account does not have an Email address specified
  • Improve user flow in User Profile and Registration - similar to Login, the system now remembers the current Url and redirects the user back to that Url after updating their profile or registering
  • Email re-verification - when a user changes an email address (and they are not an admin) the system sends an email verification notification so they can re-verify their email address
  • Review Claims feature in External Login - allows an administrator to review the claims returned by the IDP so that they can provide the proper claim type mappings in their configuration (and not rely on trial and error). Review Claims includes a Test button to simplify the workflow.
  • Review Claims values - the claims returned from the IDP will be recorded in the Event Log and will now include not only the claim type names but the values as well

An example of Facebook Login using OAuth2 which does not require an Email claim:

(note: you need to create a Facebook app integration on the Facebook developer portal first to get a Client Id and Client Secret):

Authorization Url: https://www.facebook.com/v18.0/dialog/oauth
Token Url: https://graph.facebook.com/v18.0/oauth/access_token
User Info Url: https://graph.facebook.com/v18.0/me
Client ID: {your id}
Client Secret: {your secret}
Scopes: public_profile
ID Claim: id
Name Claim: name
Email Claim: {blank - not provided}

Returns claims such as:

{"name":"Shaun Walker","id":"xxxxxxxxxxxxxx"}

Oqtane will create a user account for the user (without an email address) and then redirect them to the Profile page so that they can enter an email address.
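As an added illustration (not code from this PR or from the Oqtane project), the following Python sketch shows the three behaviours the description above relies on: administrator-configured claim type names (ID, Name, Email, Role) applied to a user info response, a missing or blank Email claim tolerated but flagged so the user can be sent to the Profile page, and the full set of returned claims listed as type/value pairs for review. The class names, the `_flatten` dotted-name convention for nested JSON, and both sample user info payloads are constructed for this example and are not Oqtane's own.

```python
import json
from dataclasses import dataclass
from typing import Any, Dict, List, Optional


@dataclass(frozen=True)
class ClaimMapping:
    """Claim type names entered by the administrator; blank means 'not mapped'."""
    id_claim: str
    name_claim: str = ""
    email_claim: str = ""
    role_claim: str = ""


@dataclass
class ExternalIdentity:
    external_id: str
    name: Optional[str]
    email: Optional[str]
    roles: List[str]
    needs_email: bool  # True when the user must complete their email on the Profile page


def _flatten(obj: Any, prefix: str = "") -> Dict[str, Any]:
    """Flatten nested JSON into dotted claim names (e.g. 'picture.data.url').
    Lists are kept whole so a role array can be mapped as one claim."""
    if isinstance(obj, dict):
        out: Dict[str, Any] = {}
        for key, value in obj.items():
            out.update(_flatten(value, f"{prefix}{key}."))
        return out
    return {prefix[:-1]: obj}


def review_claims(payload: str) -> List[str]:
    """Produce the 'type: value' lines an administrator reviews in the event log."""
    claims = _flatten(json.loads(payload))
    return [f"{claim_type}: {value}" for claim_type, value in sorted(claims.items())]


def _claim_value(claims: Dict[str, Any], claim_type: str) -> Optional[Any]:
    """Return the claim value, treating an unmapped type, a missing key or a blank string as absent."""
    if not claim_type:
        return None
    value = claims.get(claim_type)
    if value is None or (isinstance(value, str) and not value.strip()):
        return None
    return value


def map_userinfo(payload: str, mapping: ClaimMapping) -> ExternalIdentity:
    """Apply the configured claim mapping to a user info response.
    Only the ID claim is mandatory: without a stable identifier no account can be created."""
    claims = _flatten(json.loads(payload))
    external_id = _claim_value(claims, mapping.id_claim)
    if external_id is None:
        raise ValueError(f"ID claim '{mapping.id_claim}' not present in user info response")
    name = _claim_value(claims, mapping.name_claim)
    email = _claim_value(claims, mapping.email_claim)
    raw_roles = _claim_value(claims, mapping.role_claim)
    if raw_roles is None:
        roles: List[str] = []
    elif isinstance(raw_roles, str):
        roles = [r.strip() for r in raw_roles.split(",") if r.strip()]  # comma-separated string form
    else:
        roles = [str(r) for r in raw_roles]  # JSON array form
    return ExternalIdentity(
        external_id=str(external_id),
        name=str(name) if name is not None else None,
        email=str(email) if email is not None else None,
        roles=roles,
        needs_email=email is None,
    )


# Constructed sample: a Facebook-style /me response with no email claim at all.
EXAMPLE_FB_USERINFO = '{"name":"Example User","id":"1234567890"}'
FB_MAPPING = ClaimMapping(id_claim="id", name_claim="name", email_claim="")

# Constructed sample: a provider that returns email and a role array.
EXAMPLE_OAUTH_USERINFO = (
    '{"sub":"abc-123","display_name":"Example Admin","mail":"admin@example.test",'
    '"groups":["Administrators","Registered Users"]}'
)
OAUTH_MAPPING = ClaimMapping(id_claim="sub", name_claim="display_name",
                             email_claim="mail", role_claim="groups")

if __name__ == "__main__":
    for line in review_claims(EXAMPLE_FB_USERINFO):
        print("claim ->", line)
    identity = map_userinfo(EXAMPLE_FB_USERINFO, FB_MAPPING)
    print("redirect to Profile for email entry:", identity.needs_email)
```

The `needs_email` flag is the decision point the PR describes: the account is created from the ID and Name claims alone, and the redirect to the Profile page happens only when no usable email value came back. Keeping `review_claims` separate from `map_userinfo` mirrors the Review Claims workflow, where the administrator first sees every returned type and value and only then fills in the mapping.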

@sbwalker sbwalker merged commit f2e1ebe into oqtane:dev Nov 29, 2023
@sbwalker sbwalker changed the title user identity improvements User Identity Improvements Nov 29, 2023