Filtering groups from OIDC response


Julien Gribonvald

Aug 30, 2022, 2:59:50 AM
to uport...@apereo.org

Hi folks,

I should develop a filter on groups - provided by the OIDC user-info API - depending on the requesting client. Has anyone already done such a thing?

Also, how do you see identifying the client in order to apply the right filter?

Thanks for your help.

-- Julien

Benito Gonzalez

Aug 30, 2022, 7:13:58 PM
to Julien Gribonvald, uport...@apereo.org
Hi Julien,

Do you have some design ideas in mind already? We would love to see the configuration in uPortal.properties. Would the client be identified by a shared key?

Best,
-B


Julien Gribonvald

Aug 31, 2022, 5:06:19 AM
to Benito Gonzalez, uport...@apereo.org

Thanks Benito,

I don't have a specific design, and when I read this doc: https://openid.net/specs/openid-connect-core-1_0.html, I'm not sure which implementation is entirely implemented, except the Implicit flow.

So if we go this way, we should provide the client_id to the OIDC request as a GET param.

After that, we only have to define from properties a Map that allows defining, for a client_id, an object definition for filtering values. I have often used an object of the kind Map<Client_id, Map<user_attribute, List<string_patterns>>>

On the other hand, about sharing the same secret key between several clients, I don't know how to do it, as we should set the issuer that should match the client checks... I mean that the issuer should be checked by the client, and so if we have several clients each one should have a specific id... But maybe something could be found, and any ideas on how to do that are welcome ;)

What do you think?

Thanks

Julien Gribonvald
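
The per-client filter map proposed in the message above, sketched as an added example that is not uPortal code and not from anyone in this thread. The property prefix, the key layout `<prefix><client_id>.<attribute>`, the comma-separated pattern list, and the sample client id and group names are all assumptions; it needs Java 9+ for `Map.of`/`List.of`.

```java
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/** Added illustration only; the property prefix and key layout are hypothetical. */
public class ClientAttributeFilter {
    private static final String PREFIX = "oidc.userinfo.filter."; // hypothetical key prefix
    // client_id -> user attribute -> allowed value patterns
    private final Map<String, Map<String, List<Pattern>>> rules = new HashMap<>();

    public ClientAttributeFilter(Properties props) {
        for (String key : props.stringPropertyNames()) {
            if (!key.startsWith(PREFIX)) continue;
            // Assumed layout: <prefix><client_id>.<attribute>, so a client_id must not contain '.'
            String[] parts = key.substring(PREFIX.length()).split("\\.", 2);
            if (parts.length != 2) continue;
            List<Pattern> patterns = Arrays.stream(props.getProperty(key).split(","))
                    .map(String::trim).filter(s -> !s.isEmpty())
                    .map(Pattern::compile).collect(Collectors.toList());
            rules.computeIfAbsent(parts[0], k -> new HashMap<>()).put(parts[1], patterns);
        }
    }

    /** Returns only the values this client may see; an unknown client_id gets an empty map. */
    public Map<String, List<String>> filter(String clientId, Map<String, List<String>> claims) {
        Map<String, List<Pattern>> clientRules = rules.getOrDefault(clientId, Collections.emptyMap());
        Map<String, List<String>> out = new LinkedHashMap<>();
        claims.forEach((attr, values) -> {
            List<Pattern> allowed = clientRules.get(attr);
            if (allowed == null) return; // attribute not listed for this client: drop it
            // matches() requires a full match, so a pattern cannot leak values it only partly covers
            List<String> kept = values.stream()
                    .filter(v -> allowed.stream().anyMatch(p -> p.matcher(v).matches()))
                    .collect(Collectors.toList());
            if (!kept.isEmpty()) out.put(attr, kept);
        });
        return out;
    }

    public static void main(String[] args) {
        Properties props = new Properties(); // constructed sample configuration
        props.setProperty(PREFIX + "client-a.groups", "portal:apps:.*, portal:admin:local");
        ClientAttributeFilter f = new ClientAttributeFilter(props);
        Map<String, List<String>> claims = Map.of( // constructed user-info claims
                "groups", List.of("portal:apps:mail", "portal:staff:hr", "portal:admin:local"),
                "mail", List.of("user@example.org"));
        System.out.println(f.filter("client-a", claims)); // client with configured rules
        System.out.println(f.filter("client-b", claims)); // client_id with no rules configured
    }
}
```

The filter is only as reliable as the client_id it is keyed on: a client_id taken from an unauthenticated GET parameter is self-asserted, so the lookup key should be the identity established when the client authenticates.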