OpenID Connect scopes profile and email not working

Hi, I just installed the OpenID Connect plugin and I am doing some tests with https://openidconnect.net/. Everything went smoothly and I correctly received the ID token. In the request, I asked for the “openid profile email” scopes. Inside the received token, however, I can see only the “aud, exp, iat, iss, sub, at_hash, sid” claims, and nothing about profile or email.

My users all have the email and username set. Can anyone help? Thanks.

Hi @claudio.capobianco,

the linked application uses the code flow which generates an access token. An access token does not contain the requested claims, but can be used to request them from the user info endpoint.
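The userinfo lookup described in the reply above, as an added example that is not part of the original thread or of any plugin mentioned in it: a client that fills in missing profile and email claims from the userinfo endpoint and rejects a response whose `sub` differs from the ID token's. The issuer URL, token values and the helper names are assumptions, and the ID token's signature is assumed to have been verified before `jwt_payload` is called.

```python
import base64, json, urllib.request

WANTED = ("email", "preferred_username")  # from the email and profile scopes

def jwt_payload(id_token):
    """Decode the payload of an ID token whose signature was already verified."""
    part = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def http_userinfo(endpoint, access_token):
    """GET the userinfo endpoint, presenting the access token as a Bearer token."""
    req = urllib.request.Request(
        endpoint, headers={"Authorization": "Bearer " + access_token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def resolve_claims(id_claims, access_token, endpoint, fetch=http_userinfo):
    """Return identity claims, filling gaps in the ID token from userinfo."""
    if all(k in id_claims for k in WANTED):
        return dict(id_claims)
    info = fetch(endpoint, access_token)
    # OpenID Connect Core 5.3.2: the userinfo "sub" must exactly match the
    # ID token "sub"; otherwise the response must not be used.
    if not info.get("sub") or info["sub"] != id_claims.get("sub"):
        raise ValueError("userinfo sub does not match ID token sub")
    return {**info, **id_claims}  # verified ID token claims take precedence

def b64json(obj):
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: an ID token holding only the claims listed in the question.
SAMPLE_CLAIMS = {"iss": "https://idp.example", "sub": "uid-1", "aud": "client",
                 "exp": 2000000000, "iat": 1999999000, "at_hash": "x", "sid": "s"}
SAMPLE_ID_TOKEN = ".".join(
    [b64json({"alg": "RS256"}), b64json(SAMPLE_CLAIMS), "sig"])

def fake_userinfo(endpoint, access_token):
    """Constructed userinfo response; stands in for the network call."""
    return {"sub": "uid-1", "email": "user@example.org",
            "preferred_username": "user"}

if __name__ == "__main__":
    claims = resolve_claims(jwt_payload(SAMPLE_ID_TOKEN), "constructed-token",
                            "https://idp.example/userinfo", fake_userinfo)
    print(claims["preferred_username"], claims["email"])
```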

Thank you @fbartels for your reply and clarification.

The problem now is that most plugins expect to find username and email information in the ID token, and there is no way to force the use of the user info endpoint :(

I would like to avoid writing my own plugin. Any ideas would be appreciated, thanks.

Do you have a concrete example? To me it sounds like your application does not properly implement OIDC (but rather only OAuth 2.0).

The only OIDC plugin for Joomla I found is MiniOrange OAuth Client. Indeed its name suggests that it is for OAuth2, but in the description it says that it works with custom OpenID Connect servers.

Probably I’m not expert enough in the OIDC world. I read a lot of documentation, but some concepts are not totally clear yet.

Then miniOrange cannot be used with Univention? Unfortunately I cannot find another OIDC client for Joomla for a custom server.

Hi @claudio.capobianco,

looking at their website, the OIDC support is only part of their “premium” tier. Is that the version that you are using as well?

Oh, I see, now I understand what it means… no I don’t have the “premium” tier, indeed.

@fbartels thank you so much for your support and the explanations!