Part of story #14714: be an OpenID Connect provider

Additional claims will be returned with additional OAuth2 Scopes.
For now, only the "sub" claim is returned as it is the only one
mandatory [0].

To test you need an access token with the 'Sign in' scope (if the
usage of PKCE is forced, add the mandatory parameters):

1. In the project admin create an OAuth2 app (note the ID and the given secret)
2. Access the authorize page at the URL
   https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=openid&response_type=code&redirect_uri=<redirect_uri>
3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL
4. Exchange the authorization code for an access token and an ID token:
   shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
       --user '<client_id>:<client_secret>' \
       --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \
       https://tuleap.example.com/oauth2/token
5. Access the UserInfo endpoint with the given Access token:
   shell> curl -H 'Authorization: Bearer <access_token>' https://tuleap.example.com/oauth2/userinfo
6. The response will be a JSON object like {"sub": "<your_user_id>"}

[0] https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse

Change-Id: I0f215e000b2ab61b55cdcb0443de47eb7c86ee8b
Modified Files
Status | File | Added | Removed |
---|---|---|---|
A | plugins/oauth2_server/include/User/UserInfoController.php | +71 | −0 |
M | plugins/oauth2_server/include/oauth2_serverPlugin.php | +33 | −0 |
A | plugins/oauth2_server/phpunit/User/UserInfoControllerTest.php | +55 | −0 |
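
Steps 4 to 6 of the test procedure give a client an ID token and a UserInfo object whose only claim is "sub"; OpenID Connect Core section 5.3.2 requires the client to reject the UserInfo response unless its "sub" exactly matches the "sub" of the ID token. The following is an added example of that client-side check, not code from this commit or from Tuleap: the function names and the sample token are constructed, and it assumes the ID token's signature, issuer, audience and expiry were already validated by a JWT library.

```python
import base64
import json


class UserInfoMismatch(Exception):
    """The UserInfo response must not be used."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    # Assumption: signature, iss, aud and exp were validated by the caller.
    # This function only parses the payload of the compact JWT.
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token is not a three-part compact JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("ID token payload is not a JSON object")
    return claims


def verified_userinfo(id_token: str, userinfo_body: str) -> dict:
    """Parse the /oauth2/userinfo body and bind it to the ID token's subject."""
    expected = id_token_claims(id_token).get("sub")
    userinfo = json.loads(userinfo_body)
    if not isinstance(userinfo, dict):
        raise UserInfoMismatch("UserInfo response is not a JSON object")
    sub = userinfo.get("sub")
    # "sub" is a string claim; require exact equality so "102" never equals 102.
    if not isinstance(sub, str) or not isinstance(expected, str) or sub != expected:
        raise UserInfoMismatch("UserInfo sub does not match the ID token sub")
    return userinfo


def _constructed_id_token(claims: dict) -> str:
    # Constructed sample only: the third segment is a placeholder, not a signature.
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"RS256"}'), enc(json.dumps(claims).encode()), "sig"])


# Constructed token standing in for the id_token returned in step 4.
SAMPLE_ID_TOKEN = _constructed_id_token({"iss": "https://tuleap.example.com", "sub": "102"})
```

Without this binding, a client that accepts an access token from an untrusted source can be handed UserInfo for a different account than the one the ID token authenticated.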