Contrib.social

How do I configure profile fields from data in custom scopes?

Open on Drupal.org β†’
Created on 16 November 2023, 8 months ago
Updated 6 May 2024, about 2 months ago

Problem/Motivation

I'm using Keycloak as my idp.

I've added several custom user attributes in Keycloak, and I've configured my openid connect client to push those fields out via the Profile scope, as well as a custom scope.

The problem is that the "User claims mapping" form in this module does not show the custom fields.

Which means I can't map the data from them into the custom Drupal user profile fields I added for that use.

Steps to reproduce

* Configure Keycloak to set custom user attributes in the Profile scope.
* Configure openid_connect with a generic or oauth2 connection using Keycloak.
* Confirm that you can authenticate with a Keycloak user.
* Check to see if there is any way to map the custom attributes to a drupal user field.

Other info

I have successfully authenticated via Keycloak.

If Keycloak's client scope evaluation tool is to be believed, those fields are showing up in the userinfo json.

I've tried using the Keycloak module with 8.x-1.4, as well as just openid_connect's 8.x-1.4's generic option.

My current setup is on openid_connect 3.0@dev using an Oauth2 configuration for Keycloak.

Looking into the code I think I see some lines that indicate the module should be pulling in data from the userinfo mappings for the claim/scope mapping form, but I haven't dug into it deep enough to be sure. I also found https://www.drupal.org/project/openid_connect/issues/2397585 β†’ which I think indicates custom scopes should be supported.

I'm running all this on a new install of Drupal 10.1.6. Keycloak is 22.0.5. Users are just direct Keycloak users, no third party user backend.

Anyway, what am I missing? Am I mistaken in thinking that my custom fields should show up?

Thanks in advance!

πŸ’¬ Support request
Status

Active

Version

3.0

Component

User interface

Created by

πŸ‡ΊπŸ‡ΈUnited States jerrac

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @jerrac
  • Comment 2 months ago β†’
    πŸ‡¦πŸ‡ΊAustralia lykyd

    Hello,

    To be able to map your custom fields to drupal fields you will have to create custom claims.
    Create a custom module and in its .module file (ex : yourmodule.module) you have to implement the g2f_account_openid_connect_claims_alter

     * Implements hook_openid_connect_userinfo_claim_alter()
 */
function yourmodule_openid_connect_claims_alter(array &$claims) {
  // Add custom claims to OpenID Connect administration
  $claims['custom_claim'] = [
    'scope' => 'profile',
    'title' => 'Custom Claim',
    'type' => 'string',
    'description' => 'A custom claim from provider',
  ];
}

    Then you should see "Custom Claim" in the "User claims mapping" form.

    PS : the other hook you might need is the hook_openid_connect_userinfo_claim_alter that will help you to rework the values of the custom fields to match the expected values of your Drupal fields.

  • Comment about 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jerrac

    I actually did end up implementing hook_openid_connect_claims_alter() and hook_openid_connect_userinfo_alter() to get what I needed. I just left this open because it seems like adding custom scopes should be possible via the UI. Though, judging from the lack of response up until now, it actually isn't, and likely won't be added.

    Man, I sure wish I had the money to pay for stuff like this to get added. Or the justification for spending the time implementing it myself.

    Anyway, I'm going to leave this open for now. But I won't complain if the maintainers close it as "won't fix" or something.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024