Add configurable option for choosing between JWT and UserInfo

Hi guys,

I am having an issue when setting up OIDC with our Azure AD backend. I want to use preferred_username as the default username since this is the only field which is unique (email and name are recycled and reusable).

preferred_username is returned by the JWT via the ‘profile’ scope, but not by the UserInfo endpoint. And because UserInfo appears in the discovery document, the plugin opts to use it instead of the JWT, making preferred_username unavailable for username suggestion.

I have seen another user who had a similar issue, and he needed to patch the code himself (here).

Microsoft actually recommends using JWT instead of UserInfo.

I think it is sensible to provide it as a configurable option?

Cheers

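The behaviour described in the post, with a configurable claims source, as an added example that is not part of the original post and not the plugin's code. The setting values (`:auto`, `:id_token`, `:userinfo`), the function names and all sample data are hypothetical; the ID token claims are assumed to come from a token whose signature, issuer, audience and expiry were already validated.

```ruby
# Added example, not the plugin's code. Setting values, names and sample data
# are constructed for illustration.
CLAIMS_SOURCES = %i[auto id_token userinfo].freeze

class SubjectMismatch < StandardError; end

# id_token_claims: payload of an ID token ALREADY validated by the caller
#                  (signature, iss, aud, exp).
# userinfo:        parsed JSON from the UserInfo endpoint, or nil if not fetched.
def select_claims(source:, discovery:, id_token_claims:, userinfo: nil)
  raise ArgumentError, "unknown source #{source}" unless CLAIMS_SOURCES.include?(source)

  # :auto reproduces what the post describes: UserInfo wins whenever the
  # discovery document advertises the endpoint.
  if source == :auto
    source = discovery.key?("userinfo_endpoint") ? :userinfo : :id_token
  end
  return id_token_claims if source == :id_token

  raise ArgumentError, "UserInfo response missing" if userinfo.nil?
  # OpenID Connect Core: the UserInfo sub must exactly match the ID token sub,
  # otherwise the UserInfo values must not be used.
  unless userinfo["sub"] == id_token_claims["sub"]
    raise SubjectMismatch, "UserInfo sub does not match ID token sub"
  end
  userinfo
end

# Returns the claim wanted for username suggestion, or nil when the chosen
# source does not carry it.
def username_claim(**args)
  select_claims(**args)["preferred_username"]
end

# Constructed sample data mirroring the post: same subject, but only the
# ID token carries preferred_username.
DISCOVERY = { "userinfo_endpoint" => "https://idp.example/userinfo" }.freeze
ID_TOKEN_CLAIMS = {
  "sub" => "subject-0001", "name" => "Alex Doe", "email" => "alex@example.com",
  "preferred_username" => "alex.doe@example.com"
}.freeze
USERINFO = {
  "sub" => "subject-0001", "name" => "Alex Doe", "email" => "alex@example.com"
}.freeze

if __FILE__ == $PROGRAM_NAME
  %i[auto id_token userinfo].each do |src|
    name = username_claim(source: src, discovery: DISCOVERY,
                          id_token_claims: ID_TOKEN_CLAIMS, userinfo: USERINFO)
    puts "#{src}: #{name.inspect}"
  end
end
```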