TechQA.

Twitch OIDC is not returning email in userinfo endpoint

50 views Asked by At

I am trying to integrate Twitch OIDC provider in my spring boot app using spring authorization server, and when I try to get the user email it's says alway it not found. After reading their documentation, they sad that we should force retrieving the email and other desired information in the endpoint of /oauth2/authorize

To include the non-default claims, include the claims query parameter in your /authorize request. Set the claims query parameter to a string-encoded JSON object. The JSON object may contain the id_token and userinfo fields. Set id_token field to an object that specifies the claims that you want to include in the ID token, and set the userinfo field to an object that specifies the claims that you want to retrieve using the UserInfo endpoint. Each claim is a name/value pair, where name is the claim (e.g., email) and value is null.

So I added the following resolver to add this parameter in the authorize endpoint

public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    private final OAuth2AuthorizationRequestResolver defaultResolver;

    public CustomAuthorizationRequestResolver(ClientRegistrationRepository repo) {
        this.defaultResolver = new DefaultOAuth2AuthorizationRequestResolver(repo, "/oauth2/authorization");
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        OAuth2AuthorizationRequest authRequest = defaultResolver.resolve(request);
        return authRequest != null ? customizeAuthorizationRequest(authRequest) : null;
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        OAuth2AuthorizationRequest authRequest = defaultResolver.resolve(request, clientRegistrationId);
        return authRequest != null ? customizeAuthorizationRequest(authRequest) : null;
    }

    private OAuth2AuthorizationRequest customizeAuthorizationRequest(OAuth2AuthorizationRequest authRequest) {
        // Logique pour ajouter des claims supplémentaires
        Map<String, Object> additionalParameters = new LinkedHashMap<>(authRequest.getAdditionalParameters());
        additionalParameters.put("claims", "%7B%22id_token%22%3A%7B%22email%22%3Anull%2C%22email_verified%22%3Anull%7D%2C%22userinfo%22%3A%7B%22picture%22%3Anull%7D%7D");

        return OAuth2AuthorizationRequest.from(authRequest)
                .additionalParameters(additionalParameters)
                .build();
    }
}

application.yml

          
  security:
    oauth2:
      client:
        registration:
          twitch:
            provider: twitch
            client-id: blablabla
            client-secret: blobloblo
            client-authentication-method: 'client_secret_post'
            redirect-uri: http://localhost:9000/login/oauth2/code/twitch
            scope:
              - openid
              - user:read:email
            authorization-grant-type: authorization_code
            clientName: Sign in with Twitch
        provider:
          twitch:
            authorization-uri: https://id.twitch.tv/oauth2/authorize
            tokenUri: https://id.twitch.tv/oauth2/token
            userInfoUri: https://id.twitch.tv/oauth2/userinfo
            jwkSetUri: https://id.twitch.tv/oauth2/keys
            user-name-attribute: preferred_username

After testing this resolver, I am seeing the parameter claims added to the URL, but the email still not returned in the userinfo endpoint response

spring-boot openid-connect twitch spring-authorization-server twitch-api
Original Q&A
0

There are 0 answers

Related Questions in SPRING-BOOT

Related Questions in OPENID-CONNECT

Related Questions in TWITCH

Related Questions in SPRING-AUTHORIZATION-SERVER

Related Questions in TWITCH-API

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions