On Tuesday the 14th at 12:30 CET we will be deploying a change adding a "aud" claim containing the client id to the response from the OpenID Connect userinfo endpoint. This should not impact any services. The change is made primarily to ease migration from the old, deprecated userinfo endpoint.
Example userinfo response before the change:
{ "sub": "76a7a061-3c55-430d-8ee0-6f82ec42501f", "dataporten-userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/eduPersonPrincipalName": "andreas@uninett.no", "name": "Andreas \u00c5kre Solberg", "email": "andreas.solberg@uninett.no", "email_verified": false, "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:a3019954-902f-45a3-b4ee-b..." }
Example userinfo response after the change, containing an "aud" claim with the client id:
{ "aud": "5578630b-cb54-4da4-8f15-eedaa8ec46c5", "sub": "76a7a061-3c55-430d-8ee0-6f82ec42501f", "dataporten-userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/eduPersonPrincipalName": "andreas@uninett.no", "name": "Andreas \u00c5kre Solberg", "email": "andreas.solberg@uninett.no", "email_verified": false, "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:a3019954-902f-45a3-b4ee-b..." }
If you have any questions about this change, please contact kontakt@sikt.no and refer to change #346136.
This change has now been deployed.
________________________________________ From: Morten Knutsen Sent: Friday, February 10, 2023 10:58 To: feide-updates@lister.sikt.no Subject: Change to the OpenID Connect userinfo endpoint response Tuesday 14th 12:30 CET
On Tuesday the 14th at 12:30 CET we will be deploying a change adding a "aud" claim containing the client id to the response from the OpenID Connect userinfo endpoint. This should not impact any services. The change is made primarily to ease migration from the old, deprecated userinfo endpoint.
Example userinfo response before the change:
{ "sub": "76a7a061-3c55-430d-8ee0-6f82ec42501f", "dataporten-userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/eduPersonPrincipalName": "andreas@uninett.no", "name": "Andreas \u00c5kre Solberg", "email": "andreas.solberg@uninett.no", "email_verified": false, "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:a3019954-902f-45a3-b4ee-b..." }
Example userinfo response after the change, containing an "aud" claim with the client id:
{ "aud": "5578630b-cb54-4da4-8f15-eedaa8ec46c5", "sub": "76a7a061-3c55-430d-8ee0-6f82ec42501f", "dataporten-userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/userid_sec": [ "feide:andreas@uninett.no" ], "https://n.feide.no/claims/eduPersonPrincipalName": "andreas@uninett.no", "name": "Andreas \u00c5kre Solberg", "email": "andreas.solberg@uninett.no", "email_verified": false, "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:a3019954-902f-45a3-b4ee-b..." }
If you have any questions about this change, please contact kontakt@sikt.no and refer to change #346136.
-- Regards, Morten Knutsen Sikt / Feide
-
Morten Knutsen