Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2019/04/05 07:12:09 UTC

[GitHub] [nifi] SimonLinder commented on issue #3398: NIFI-6171 always send email scope for OIDC

SimonLinder commented on issue #3398: NIFI-6171 always send email scope for OIDC
URL: https://github.com/apache/nifi/pull/3398#issuecomment-480172395
 
 
   Hi @mcgilman 
   thanks for your comment on my issue.
   
   You are right about the exceptions thrown in the constructor. But in this particular case, as stated in the spec of the discovery end, it is not mandatory to send the supported scopes; thus, if the scope **email** is not returned, it is not correct to suppose that this scope is not supported. Therefore I would not make that check within the constructor. The same goes for the **openid** scope.
   I came across this issue with an implementation of the [IdentityServer](https://identityserver.io/), where all **supported_scopes** were set to null, which is totally fine, but not RECOMMENDED.
   
   I can follow your concern about removing the **lookupEmail()** function, and I think you're right about this. Therefore I would suggest leaving that function as is, be it as a fallback, but removing the check in the constructor (as I already did) and always adding the **email** scope (as I already did).
   
   If you agree with my suggestion, I would change that accordingly and adjust my commit.
   
   Cheers
   Simon
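
The difference between treating the discovery document's scope list as authoritative and treating it as advisory, as an added example (not code from this pull request or from NiFi). The metadata field is `scopes_supported` in OpenID Connect Discovery; the documents are constructed, and `strict_scopes` / `lenient_scopes` are hypothetical names for a startup check of the kind discussed and for the always-send behaviour.

```python
import json

# Constructed discovery documents; only the fields relevant here are shown.
DISCOVERY_DOCS = {
    "advertises_email": '{"issuer": "https://idp.example", "scopes_supported": ["openid", "email"]}',
    "null_scopes": '{"issuer": "https://idp.example", "scopes_supported": null}',
    "omits_field": '{"issuer": "https://idp.example"}',
}

def advertised_scopes(metadata):
    """Return the advertised scopes as a set, or None when nothing is advertised."""
    raw = metadata.get("scopes_supported")
    if raw is None:  # field absent or JSON null: no statement about support
        return None
    if not isinstance(raw, list) or not all(isinstance(s, str) for s in raw):
        raise ValueError("scopes_supported must be an array of strings")
    return set(raw)

def strict_scopes(metadata):
    """Startup-style check: refuse unless both scopes are advertised."""
    advertised = advertised_scopes(metadata) or set()
    missing = {"openid", "email"} - advertised
    if missing:
        raise RuntimeError("provider does not advertise: " + ", ".join(sorted(missing)))
    return "openid email"

def lenient_scopes(metadata):
    """Always request openid and email; malformed metadata is still rejected."""
    advertised_scopes(metadata)  # validates the field's shape only
    return "openid email"

def compare(docs=DISCOVERY_DOCS):
    """Return {name: (strict outcome, lenient outcome)} for each document."""
    results = {}
    for name, text in docs.items():
        metadata = json.loads(text)
        try:
            strict = strict_scopes(metadata)
        except RuntimeError as exc:
            strict = "rejected: " + str(exc)
        results[name] = (strict, lenient_scopes(metadata))
    return results

if __name__ == "__main__":
    for name, outcome in compare().items():
        print(name, outcome)
```

The strict variant rejects both the null and the missing-field documents even though neither says anything about which scopes the provider accepts.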
