
OIDC `preferred_username`

Open ChrisPortman opened this issue 8 months ago • 10 comments

Hi

I'm using AzureAD as the OIDC provider, and for some reason, when processing the `preferred_username` claim, it's returning an empty string. Would it be possible to expose the claim used for the username as a configurable?

Additionally, the preferred_username is listed as "mutable" and not recommended for use as a linking identifier (at least according to MS - https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference). Previously when I've done OIDC stuff with MS, my user model had a Username and Displayname (Displayname defaulted to Username), and then when using OIDC, the username value would be sourced from the oid claim and the display name would be sourced from preferred_username/name/email (configurable probably).

The issue with the oid claim without the differentiation of username vs displayname is that the oid is a GUID which makes no sense in a UI.

Happy to help with dev, if you think this is an issue worth looking at. Happy to, as a first cut, just provide an MR making the username claim configurable (default to `preferred_username`). Later look at updating the user model to introduce the username vs displayname concept.

ChrisPortman, May 27 '24 00:05
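The claim mapping requested in the issue above (a configurable username claim defaulting to `preferred_username`, with a separate display name), sketched in Go as an added example. It is not code from the issue or from the project; `ClaimMapping`, `Identity` and `ResolveIdentity` are hypothetical names, and the ID token is assumed to have been signature- and audience-validated before its claims reach this function.

```go
package main

import "fmt"

// ClaimMapping is a hypothetical config type, not part of the project.
type ClaimMapping struct {
	UsernameClaim string   // stable linking identifier, e.g. "oid" for Entra ID
	DisplayClaims []string // tried in order for the name shown in the UI
}

type Identity struct{ Username, DisplayName string }

// stringClaim returns a claim only if it is present, a string, and non-empty.
func stringClaim(claims map[string]any, name string) (string, bool) {
	v, ok := claims[name].(string)
	return v, ok && v != ""
}

// ResolveIdentity maps already-verified ID token claims to a local identity.
func ResolveIdentity(claims map[string]any, m ClaimMapping) (Identity, error) {
	if m.UsernameClaim == "" {
		m.UsernameClaim = "preferred_username" // default proposed in the issue
	}
	username, ok := stringClaim(claims, m.UsernameClaim)
	if !ok {
		// Fail closed: an empty identifier must never be linked to an account.
		return Identity{}, fmt.Errorf("claim %q missing or empty", m.UsernameClaim)
	}
	id := Identity{Username: username, DisplayName: username}
	for _, c := range m.DisplayClaims {
		if v, ok := stringClaim(claims, c); ok {
			id.DisplayName = v
			break
		}
	}
	return id, nil
}

func main() {
	// Constructed sample claims; the oid value is a placeholder GUID.
	claims := map[string]any{
		"oid":                "00000000-0000-0000-0000-000000000001",
		"preferred_username": "", // the empty value reported in the issue
		"name":               "Example User",
	}
	m := ClaimMapping{UsernameClaim: "oid", DisplayClaims: []string{"preferred_username", "name", "email"}}
	id, err := ResolveIdentity(claims, m)
	fmt.Printf("%+v %v\n", id, err)
}
```

With the default mapping, the same claims are rejected rather than producing a user whose identifier is the empty string.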