nabokihms changed the title from "Allow OIDC connector to remap a claim even if the original claim is not available" to "Allow OIDC connector to remap claims even if the original claims are not available" on Jun 7, 2021
Is your feature request related to a problem?
There is a problem: users cannot map a custom OIDC token claim to the Dex claim.
For example, the original token has two claims:
Apparently, a user wants to use preferred_email as an email claim in Dex but has no opportunity to do it, because the email claim is present in the token. See corresponding code lines:
https://github.com/dexidp/dex/blob/master/connector/oidc/oidc.go#L306-L310
Describe the solution you'd like to see
Allow users to remap claims even if the standard one exists in the token. There are many OIDC providers that allow claims customization. I see no objections to allowing users to manage claims as they want.
Sadly, making this strategy enabled by default is a breaking change.
Describe alternatives you've considered
Middlewares? :)
Additional context
Was discussed here #2158 (comment)
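The fallback-only behaviour described in this issue next to the requested opt-in override, as an added Go example that is not Dex's code. `ClaimMapping`, `OverrideStandard`, `ResolveEmail` and the claim values are hypothetical names and constructed data.

```go
package main

import "fmt"

// ClaimMapping is a hypothetical config type for this example, not Dex's API.
type ClaimMapping struct {
	EmailKey         string // custom claim to read the email from, e.g. "preferred_email"
	OverrideStandard bool   // assumed opt-in flag: prefer EmailKey even when "email" exists
}

// stringClaim returns a claim only if it is present as a non-empty string.
func stringClaim(claims map[string]interface{}, key string) (string, bool) {
	v, ok := claims[key].(string)
	return v, ok && v != ""
}

// ResolveEmail returns the email and the name of the claim it came from,
// so the chosen source can be logged and audited.
func ResolveEmail(claims map[string]interface{}, m ClaimMapping) (string, string, error) {
	if m.OverrideStandard && m.EmailKey != "" { // requested behaviour: custom claim first
		if v, ok := stringClaim(claims, m.EmailKey); ok {
			return v, m.EmailKey, nil
		}
	}
	if v, ok := stringClaim(claims, "email"); ok { // standard claim
		return v, "email", nil
	}
	if m.EmailKey != "" { // fallback-only mapping: used only when "email" is absent
		if v, ok := stringClaim(claims, m.EmailKey); ok {
			return v, m.EmailKey, nil
		}
	}
	return "", "", fmt.Errorf("no usable email claim (checked %q and %q)", "email", m.EmailKey)
}

func main() {
	// Constructed sample claims, not taken from the issue.
	claims := map[string]interface{}{
		"email":           "login@idp.example",
		"preferred_email": "user@corp.example",
	}
	for _, m := range []ClaimMapping{
		{EmailKey: "preferred_email"},
		{EmailKey: "preferred_email", OverrideStandard: true},
	} {
		email, src, err := ResolveEmail(claims, m)
		fmt.Printf("override=%v -> %q from %q (err=%v)\n", m.OverrideStandard, email, src, err)
	}
}
```

Keeping the override off by default preserves the existing result for tokens that carry both claims, which is the breaking-change concern raised above.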