dex icon indicating copy to clipboard operation
dex copied to clipboard
verified publisher icon dexidp

Support given_name and family_name, add it to the "handful" of supported Standard claims

Open edeati opened this issue 4 years ago • 4 comments

Preflight Checklist

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

given_name and family_name Standard claims are not included in the ID Token when you request profile scope.

These are fairly standard claims and applications would be using these claims to display the user's name.

Proposed Solution

Include family_name and given_name in the ID token

  "claims_supported": [
    "iss",
    "sub",
    "aud",
    "iat",
    "exp",
    "email",
    "email_verified",
    "locale",
    "name",
    "preferred_username",
    "at_hash",
    "given_name",
    "family_name"
  ]

Alternatives Considered

No response

Additional Information

No response

edeati avatar Dec 17 '21 01:12 edeati

@edeati Yeah, these are standard claims....for OIDC. Unfortunately a bunch of providers (SAML, LDAP, OAuth2) don't necessarily provide the same information, hence we've been reluctant to include these claims.

However, it might make sense to revisit this decision.

sagikazarmark avatar Jan 15 '22 10:01 sagikazarmark

I would suggest to make it optional, per each connector. ideally there should be a mapping for each connector. For example LDAP:

  • given_name: custom_attr_1
  • family_name: custom_attr_2.

And for me this custom_attr_XX are base64 encoded(non latin characters)

Udbv avatar Jun 14 '22 19:06 Udbv

any update?

yacut avatar Oct 14 '23 20:10 yacut

Is there a workaround for this?

cldfzn avatar Mar 04 '24 21:03 cldfzn