Hi!
While using an Open-Xchange server running 7.10.5-7_7.1, I found a few issues when using OIDC authentication.
All are probably based on the same issue, that the real "login" is not stored into the session when logging in with OIDC (to be confirmed):
- When using the onboarding wizard, the "login" set for carddav & caldav is `${userid}@${contextid}`. At least when using Resource Owner Password Credentials Grant, it doesn't seem to work (is it sent to the OIDC provider as-is?)
- When creating a new application password, the "login" displayed (& stored in the DB I believe) is `${userid}@${contextid}`. I think that this doesn't break anything, but is a bit strange nonetheless.
I started looking into the code, but to be honest, I've not yet managed to figure out where the session is populated (without a "login").
I'd guess that a parameter could be added to specify what part of the claim should be considered as the login. What do you think?
Cheers,
Vincent