RORDEV-1477 Add id_token userinfo access to the OIDC provider #264

Open
wants to merge 2 commits into
base: develop
6 changes: 4 additions & 2 deletions kibana.md
Expand Up @@ -1198,21 +1198,23 @@ The following description explains the available options for the setting:

### User Info Source Methods

You can configure where the ReadonlyREST Kibana plugin obtains the OIDC user profile information using the `userInfoSource` option in the `readonlyrest_kbn.auth.oidc_kc` block. There are two available methods:
You can configure where the ReadonlyREST Kibana plugin obtains the OIDC user profile information using the `userInfoSource` option in the `readonlyrest_kbn.auth.oidc_kc` block. There are three available methods:

1. **user_info_endpoint** (default):
When set to `user_info_endpoint`, the plugin makes an additional call to the URL specified under `userInfoURL` to retrieve the most up-to-date user profile information from the OIDC provider.

2. **access_token**:
When set to `access_token`, the plugin extracts the user profile information directly from the access token.
3. **id_token**:
When set to `id_token`, the plugin extracts the user profile information directly from the ID token.

For example, you can configure it as follows:

```yaml
readonlyrest_kbn:
auth:
oidc_kc:
userInfoSource: 'access_token' # Available options: 'user_info_endpoint' (default) or 'access_token'
userInfoSource: 'access_token' # Available options: 'user_info_endpoint' (default), 'access_token', 'id_token'
```
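
Review bot: The new `id_token` entry is described with the same sentence as `access_token` ("extracts the user profile information directly from the ..."), so a reader has nothing to go on when choosing between them. Please say how they differ in practice. Item 1 is documented as fetching "the most up-to-date user profile information", which implies that both token-based methods rely on claims as they were when the token was issued; stating that explicitly for items 2 and 3 would make the trade-off clear. It would also help to document whether the plugin verifies the token's signature before using its claims. On formatting, `3. **id_token**:` follows item 2 with no blank line, while items 1 and 2 are separated by one; add a blank line for consistent list rendering. The YAML example still sets `userInfoSource: 'access_token'`, so consider showing `'id_token'` there or adding a second snippet, since that is the option this change introduces.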

