Content
View differences
Updated by Jan Sandbrink 5 days ago
**As** an administrator a \[enter role of user\]
**I want to** support signed userinfo responses from OpenID Connect providers, \[enter objective\]
**so that** OpenProject is also able to integrate with IDPs that make use of such features. \[enter desired result\]
**Acceptance criteria**
* When the userinfo endpoint of an OIDC provider responds with a signed JWT (application/jwt instead of application/json), OpenProject is able to understand this response <br>
**Technical notes**
* This depends on adding support for such responses to the `openid_connect` gem <br>
**Permissions and then updating to use the latest version of that gem visibility considerations**
* _To whom is this feature visible?_
* To be determined: Validating the signature would be sensible, though I am _When is it not sure how much additional change to the upstream gem would be required for it
visible?_
**Translation considerations**
* as per spec _Key terms and phrases in the validation of the signature is optional (SHOULD, Section 5.3.4)
key languages_
**Out of scope**
* Support for encrypted JWTs <br>
_Set the_ **To be informed/consulted teams** _field to include all teams necessary to be informed of the changes._
**I want to** support signed userinfo responses from OpenID Connect providers,
**so that** OpenProject is also able to integrate with IDPs that make use of such features.
**Acceptance criteria**
* When the userinfo endpoint of an OIDC provider responds with a signed JWT (application/jwt instead of application/json), OpenProject is able to understand this response
**Technical notes**
* This depends on adding support for such responses to the `openid_connect` gem
**Permissions
* _To whom is this feature visible?_
* To be determined: Validating the signature would be sensible, though I am
**Translation considerations**
* Support for encrypted JWTs
_Set the_ **To be informed/consulted teams** _field to include all teams necessary to be informed of the changes._