
Support `email` scope in authentication flow

Open VJalili opened this issue 5 years ago • 2 comments

When I set scopes in my authentication request to ['openid', 'user'], I get an ID token whose context decodes as:

```json
  "context": {
    "user": {
      "phone_number": null,
      "display_name": null,
      "name": "[email protected]",
      "is_admin": false,
      "policies": [],
      "email": null,
      "projects": {}
    }
  },
```

where the `name` field contains the email address, and the `email` field is null.

I changed the scope to ['openid', 'user', 'email'], but then I get the Unauthorized exception:

https://github.com/uc-cdis/fence/blob/31744be49ec0a56492d6a87a110c5af699f87189/fence/auth.py#L98-L104

because email is not a currently supported scope:

https://github.com/uc-cdis/fence/blob/8337488620fad4ea32160d537e73c825cd93d18d/fence/jwt/token.py#L50-L56

I was wondering if support can be added for the `email` scope so that a future context would decode as:

```json
  "context": {
    "user": {
      "phone_number": null,
      "display_name": null,
      "name": "xyz",
      "is_admin": false,
      "policies": [],
      "email": "[email protected]",
      "projects": {}
    }
  },
```

VJalili avatar Mar 27 '19 15:03 VJalili
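The behaviour the issue asks for, as an added illustration that is not fence's own code: requested scopes are checked against a supported set (rejecting the request, as the linked `auth.py` check does, when one is unsupported), and the user's email is released into `context.user` only when the `email` scope was actually granted. The `SUPPORTED_SCOPES` set, the `User` dataclass and the `Unauthorized` class are assumptions for this example.

```python
# Added example (not fence's code): scope validation plus a claim builder
# that releases the email address only under the `email` scope.
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumed supported-scope set: the two scopes from the issue plus `email`.
SUPPORTED_SCOPES = frozenset({"openid", "user", "email"})


class Unauthorized(Exception):
    """Raised when a request asks for a scope the server does not issue."""


@dataclass(frozen=True)
class User:
    username: str
    email: Optional[str]
    is_admin: bool = False


def validate_scopes(requested: Iterable[str], supported=SUPPORTED_SCOPES):
    """Reject the whole request if any requested scope is unsupported.

    Failing closed here is what keeps a client from obtaining claims it was
    never registered for; the issue's 401 comes from exactly this kind of check.
    """
    requested = frozenset(requested)
    unsupported = sorted(requested - supported)
    if unsupported:
        raise Unauthorized(f"unsupported scope(s): {', '.join(unsupported)}")
    return requested


def build_user_context(user: User, scopes: Iterable[str]) -> dict:
    """Build the ID token's `context.user` object, gating email on its scope."""
    granted = validate_scopes(scopes)
    return {
        "phone_number": None,
        "display_name": None,
        "name": user.username,
        "is_admin": user.is_admin,
        "policies": [],
        # Only a client granted `email` gets the address; others see null.
        "email": user.email if "email" in granted else None,
        "projects": {},
    }
```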