[FEATURE] Support UserInfo Endpoint for OpenID
Is your feature request related to a problem? We're currently trying to use OpenID but can't use it for fine-grained authorization because OpenSearch does not support the UserInfo Endpoint.
What solution would you like? Support UserInfo Endpoint as defined by OpenID: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo. This is supported by Elasticsearch through xpack: https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html
What alternatives have you considered? I'm currently trying to get around this by using LDAP attributes, but allow-listing only some attributes does not seem to work either: https://github.com/opensearch-project/security/issues/2032
Do you have any additional context? Add any other context or screenshots about the feature request here.
Thank you for filing this request.
Not sure if this is frowned upon, but here's how ~x-pack does it: ...~
Obviously I'm not suggesting a copy-paste but might be worth looking at for a reference.
[Edited by @peternied: Removed link to prevent accidental copy/paste error]
😂 We are faced with the same issue. ID token is really not enough.
Hello, any update on this? We would love to see this feature implemented.
Thanks for the interest, @geckiss. We'd welcome a pull request to support this feature.