We utilize PingID as our identity provider in my company. We successfully got the identity provider connected and the IdP responses are coming through, but they’re missing user info such as first name, last name, etc. Looking at our documentation, we saw we needed to call scopes so we added this to our Ignition config and the PingID page comes up asking the user if it’s alright to transmit this info. We approve but the IdP response still does not have this information. After contacting our support team for PingID, they told us we’d have to perform a call to the userinfo API for this information. After going through the Ignition settings, I saw nowhere to put this so I’m wondering if Inductive will be including this in a future release of 8.0 or will we have to call the API on our own to receive this info utilizing the token we received from the IdP? The well known config includes a link to user info API so I’d assume this is pretty common functionality on OpenID…
Hi @Tbthomps -
I could see the case for exposing an option for Ignition to call the User Info API. I’ll create a feature request for that.
You could call the API on your own. You will likely need the access token returned from the IdP which we do not currently expose. The feature for [FEATURE-13476] IdP Access Token would solve that problem.
Unfortunately, until we implement these features, the only way to fetch the data you need from the IdP is through the ID token itself. Most IdPs have a way to configure a mapping from the user attributes to the ID token claim, though it sounds like the stewards of your IdP cannot support this (either because of a technical limitation or a policy limitation).
Circling back to this thread. We have finally delivered the ability to call the user info endpoint and to use the access token: see Added Support for OIDC User Info and Token Endpoint Response
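
For setups that call the UserInfo endpoint themselves, as discussed earlier in the thread, here is an added example (not part of the original posts, and not Ignition or PingID code) of the checks a client should make around that call. It assumes plain Python with the standard library rather than Ignition's scripting API, an ID token that has already been validated, and constructed issuer, endpoint and claim values.

```python
import json
import urllib.request
from urllib.parse import urlsplit


def userinfo_request(discovery, expected_issuer, access_token):
    """Build the UserInfo request from an OIDC discovery document."""
    # The discovery document must describe the issuer we configured.
    if discovery.get("issuer") != expected_issuer:
        raise ValueError("discovery issuer does not match configured issuer")
    endpoint = discovery.get("userinfo_endpoint")
    if not endpoint or urlsplit(endpoint).scheme != "https":
        raise ValueError("userinfo_endpoint missing or not https")
    # The access token is sent as a bearer token (RFC 6750), never in the URL.
    return urllib.request.Request(
        endpoint,
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"},
    )


def merge_userinfo(id_token_claims, userinfo):
    """Add UserInfo claims to already-validated ID token claims."""
    # OIDC Core 5.3.2: the UserInfo 'sub' must exactly match the ID token
    # 'sub'; if it does not, the response must not be used.
    if not userinfo.get("sub") or userinfo["sub"] != id_token_claims.get("sub"):
        raise ValueError("UserInfo sub does not match ID token sub")
    merged = dict(userinfo)
    merged.update(id_token_claims)  # validated ID token claims win on conflict
    return merged


def fetch_userinfo(discovery, expected_issuer, access_token, id_token_claims):
    """Network path: call the endpoint, then apply the sub check."""
    req = userinfo_request(discovery, expected_issuer, access_token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return merge_userinfo(id_token_claims, json.load(resp))


# Constructed sample data (not taken from the thread).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "userinfo_endpoint": "https://idp.example.com/idp/userinfo",
}
SAMPLE_ID_CLAIMS = {"iss": "https://idp.example.com", "sub": "u-1001"}
SAMPLE_USERINFO = {"sub": "u-1001", "given_name": "Ada", "family_name": "Lovelace"}
```

The `sub` comparison is the step most often skipped: without it, a UserInfo response for a different subject could be attached to the logged-in user's session.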