This issue has been created
 
 
OpenId Connect / OIDC-180 Open

Allows skipping the userinfo request even in code flow

 
 

Issue created

 
Thomas Mortagne created this issue on 13/Jun/24 16:56
 
Summary: Allows skipping the userinfo request even in code flow
Issue Type: New Feature
Affects Versions: 2.8.8
Assignee: Unassigned
Components: Authenticator
Created: 13/Jun/24 16:56
Priority: Major
Reporter: Thomas Mortagne
Description:

There is a bug in some OIDC providers, which are not actually properly implementing the userinfo endpoint. Fortunately, these are also often cases which put user information in the ID token, making it possible to just skip the userinfo request despite what the response type indicates.