https://www.ory.sh/ logo
Join Slack
Powered by
do i understand it correctly that it is up to the ...
# talk-hydra
r
do i understand it correctly that it is up to the delegated consent app to fill in contents in an id_token based on requested scopes? i read https://www.ory.sh/docs/oauth2-oidc/openid-connect-claims-scope-custom#how-the-profile-scope-works where by default 
identity.traits.name.first
should be used as a 
given_name
claim if the 
profile
scope is requested. But when using 
kratos-selfservice-ui-node
as my login and consent app this did not happen (i requested the 
profile
scope but no 
given_name
was present in the id_token). Would I need to patch 
kratos-selfservice-ui-node
if i wanted to mimic the linked documentation?
For reference i could make it work by patching the selfservice-ui with:
Copy code
+    if (grantScopes.indexOf("profile") > -1) {
+      id_token.given_name = identity.traits["name"]["first"] || ""
+      id_token.last_name = identity.traits["name"]["last"] || ""
+    }
but just want to make sure i am understanding the architecture correctly, that the idea is that it is the consent app that gathers information about the user as well as sets fields in an id_token
t
I’m having this same problem, the id_token doesn’t have the name or email of the user, even though I’m requesting both the 
name
and 
email
scopes. Did you have to use the kratos sdk in the consent app to retrieve the identity manually?
r
I noticed the consent app was handling email and phone fields at https://github.com/ory/kratos-selfservice-ui-node/blob/4937e34665f654db6ecdd016830ab94ee5329e07/src/routes/consent.ts#L24-L37 so i added the code shown above and it seemed to work
(So i patched the code and rebuilt the container)
And also email worked directly for me, it was the profile scope that did not return given_name and last_name claims
t
Ahh okay, I was using the hydra-login-consent-node which didn’t handle any of it. Thanks!
5 Views
Open in Slack
PreviousNext
Powered by