Add possibility to configure the "claims" query parameter in the auth_url of OIDC providers to request individual id_token claims #735
Labels
feat
New feature or request.
good first issue
A good issue to tackle when being a novice to the project.
help wanted
We are looking for help on this one.
package/selfservice/oidc
Affects the OpenID Connect Self Service Strategy
Milestone
Is your feature request related to a problem? Please describe.
I tried to configure https://twitch.tv/ as an OIDC provider, but the id_token does not contain the `email` or `email_verified` fields by default, which I want to use. These fields are only present when the request to the authorization endpoint contains the `claims` query parameter with the value `{"id_token":{"email":null, "email_verified":null}}`. The `claims` parameter is by default optional, but you have to explicitly set the parameter at Twitch to get both fields. Therefore it would be nice to configure a provider to request specific claims in an id_token.
Specification: https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
Describe the solution you'd like
The URL should contain the `claims` parameter if one is configured. Example:

https://id.twitch.tv/oauth2/authorize?claims={"id_token":{"email":null,"email_verified":null}}&client_id=any_client_id&redirect_uri=http://127.0.0.1:7001/redirect&response_type=code&scope=openid+user:read:email&state=any_state

The configuration could simply look like this: