Hello I am implementing OIDC using Google and want to access Ory Community #talk-kratos

Hello! I am implementing OIDC using Google and wan...

enough-bear-53057

02/15/2021, 2:41 PM

Hello! I am implementing OIDC using Google and want to access the

hd

claim that is present in Googles documentation (https://developers.google.com/identity/protocols/oauth2/openid-connect#an-id-tokens-payload). However when I attempt to add it to my

requested_claims

like this it is always null:

Copy code

scope:
  - email
  - profile
requested_claims:
  id_token:
    email:
      essential: true
    email_verified:
      essential: true
    given_name:
      essential: true
    family_name: null
    hd: null

This is my jsonnet mapping:

Copy code

local claims = {
  email_verified: true
} + std.extVar('claims');

{
  identity: {
    traits: {
      [if "email" in claims && claims.email_verified then "email" else null]: claims.email,
      first_name: claims.given_name,
      last_name: claims.family_name,
      [if "hd" in userinfo then "domain" else null]: userinfo.hd,
    },
  },
}

I noticed that

hd

is not present in the following claims struct: https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2/#external-variable-claims. Does anyone know how I can get hold of the

hd

claim when using Google OIDC?

enough-bear-53057

02/17/2021, 9:49 AM

Alright, I get this output:

enough-bear-53057

02/17/2021, 10:08 AM

Thanks for your patience! I attempted to make a new registration with a new database using your exact config. Still don’t get the hd property which makes me think I have configured something wrong in Googles OIDC console

5 Views

Open in Slack

Previous Next