
OIDC Connection: Missing profile email in /api/oauth/userinfo endpoint

Open MarcelGeo opened this issue 7 months ago • 2 comments

Found a bug? Please fill out the sections below. 👍

Issue Summary

We attempted to connect to the OIDC provider (Entra in our case). The response from api/oauth/userinfo does not provide the email attribute. After some debugging, we found that the email is parsed from the Entra user's Contact information attribute, but only if it is present. We are unsure if this is the expected behavior. The email in the contact information in Entra is not filled out by default, and there is also the possibility to add multiple emails.

Steps to Reproduce

  1. Create a connection in the Jackson dashboard
  2. Select OIDC and provide all the necessary fields for Entra OIDC
  3. Try to use the API

The expected behaviour could be that the email is parsed properly from the user in that case, because the Entra user has an email and it does not need to be provided in the Entra user's contact information.

MarcelGeo avatar May 14 '25 11:05 MarcelGeo

Hi @MarcelGeo, the mapping relies on the IdP (specifically on how they map the email scope) and we have no control over it since we can only work with the attributes sent over to us. We will check if it is possible to look for this attribute elsewhere (assuming the IdP is sending it to us).

deepakprabhakara avatar May 14 '25 11:05 deepakprabhakara
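
The fallback lookup mentioned in the reply above could look like the following. This is an added example, not Jackson's code and not part of the thread; `resolveEmail` and its result shape are hypothetical, and it assumes the IdP may send `preferred_username` or `upn` when `email` is absent.

```javascript
// Added example (hypothetical helper, not Jackson's code).
// Claim names are standard OIDC / Entra claims; which ones arrive depends on the IdP.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Return the claim as a trimmed string if it looks like an address, else null.
function pick(claims, name) {
  const v = claims ? claims[name] : undefined;
  return typeof v === 'string' && EMAIL_SHAPE.test(v.trim()) ? v.trim() : null;
}

function resolveEmail(idTokenClaims, userinfoClaims) {
  const docs = [['userinfo', userinfoClaims], ['id_token', idTokenClaims]];
  // 1. Prefer a real `email` claim from either document.
  for (const [where, claims] of docs) {
    const email = pick(claims, 'email');
    if (email) {
      return { email, source: `${where}.email`, verified: claims.email_verified === true };
    }
  }
  // 2. Fall back to login identifiers. They are often address-shaped but are not
  //    a confirmed mailbox, so the result is always marked unverified.
  for (const name of ['preferred_username', 'upn']) {
    for (const [where, claims] of docs) {
      const email = pick(claims, name);
      if (email) return { email, source: `${where}.${name}`, verified: false };
    }
  }
  return { email: null, source: null, verified: false };
}

// Constructed sample: a user whose directory entry has no contact email.
const sampleIdToken = { sub: 'constructed-sub-1', preferred_username: 'alice@contoso.example' };
const sampleUserinfo = { sub: 'constructed-sub-1', name: 'Alice Example' };

console.log(resolveEmail(sampleIdToken, sampleUserinfo));
```

Code that links or provisions accounts by email should check `source` and `verified` before treating a fallback value as proof of mailbox ownership.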

Thanks @deepakprabhakara for the quick response :)

tomasMizera avatar May 14 '25 12:05 tomasMizera