You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
note: iinit rejects an empty password, but we should confirm that the protocol/server itself doesn't allow authentication via native with a missing/non-set/empty password.
The text was updated successfully, but these errors were encountered:
My question, ignoring the password part, is what would we use to determine the new username? OpenID, in its default claims, MAY contain preferred_username, and OAuth MAY provide a username in its token introspection endpoint.
Of possible interest is also the lack of a username in the JWT profile for OAuth 2.0 access tokens (for offline token validation): https://www.rfc-editor.org/rfc/rfc9068
More to think about, would this an extension of the user mapping plugin? (e.g. user_mapper_generate_username_from_access_or_id_token(...))
Feature
Just an idea... needs more consideration...
new boolean configuration setting
http_server/authentication/openid_connect/create_new_rodsusers
(default: false)if this setting is
true
:CAT_INVALID_USER
from the iRODS servernote:
iinit
rejects an empty password, but we should confirm that the protocol/server itself doesn't allow authentication via native with a missing/non-set/empty password.The text was updated successfully, but these errors were encountered: