On Tuesday the 14th at 12:30 CET we will be deploying a change adding a "aud" claim containing the client id to the response from the OpenID Connect userinfo endpoint. This should not impact any services. The change is made primarily to ease migration from the old, deprecated userinfo endpoint.
Example userinfo response before the change:
{ "sub": "76a7a061-3c55-430d-8ee0-6f82ec42501f", "dataporten-userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/eduPersonPrincipalName": "andreas@uninett.no", "name": "Andreas \u00c5kre Solberg", "email": "andreas.solberg@uninett.no", "email_verified": false, "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:a3019954-902f-45a3-b4ee-b..." }
Example userinfo response after the change, containing an "aud" claim with the client id:
{ "aud": "5578630b-cb54-4da4-8f15-eedaa8ec46c5", "sub": "76a7a061-3c55-430d-8ee0-6f82ec42501f", "dataporten-userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/eduPersonPrincipalName": "andreas@uninett.no", "name": "Andreas \u00c5kre Solberg", "email": "andreas.solberg@uninett.no", "email_verified": false, "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:a3019954-902f-45a3-b4ee-b..." }
If you have any questions about this change, please contact kontakt@sikt.no and refer to change #346136.