Retrieve the OpenID Connect user identifier
Follow these steps to retrieve the OpenID Connect Single sign-on (SSO) user identifier in your Genero application.
Once the user has been successfully authenticated and before starting the proxy, the OpenID Connect service sets all attributes coming from the IdP, in uppercase and with the prefix OIDC_. (OIDC stands for OpenID Connect.)
For example, if you set email in the SCOPE parameter of your application configuration (see Quick start: Set up OpenID Connect in JGAS), you will have an attribute called OIDC_EMAIL set that is then retrievable with the fgl_getenv instruction in your application.
To retrieve the user identifier, add this code to your Genero application:
LET userEmail = fgl_getenv("OIDC_EMAIL")
Warning: The name of the attribute (OIDC_EMAIL) is set by the provider. Some providers are known to use OIDC_EMAILADDRESS. For more information, check the IdP endpoint that returns the user's profile.

Note: Even if there are no attributes being sent by the IdP (maybe because the user has not allowed the Google console API to send them), the OIDC_SUB attribute will always be available. This attribute is an opaque value representing the user subject at the IdP.
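
The following added example (not part of the original documentation) combines the Warning and the Note: it keys the session on OIDC_SUB and treats the email attribute as optional, trying both provider spellings. The helper name oidcAttribute is hypothetical, and stopping when OIDC_SUB is missing rests on the assumption that the program was then not started through the OpenID Connect service.

```4gl
-- Added example: resolve the signed-in user from the OIDC_* environment.
MAIN
    DEFINE userSub, userEmail STRING

    -- OIDC_SUB is the attribute the documentation says is always available.
    LET userSub = oidcAttribute("OIDC_SUB")
    IF userSub IS NULL THEN
        -- Assumption: no OIDC_SUB means this is not an SSO session, so stop
        -- rather than continue without an authenticated identity.
        DISPLAY "No OIDC_SUB in the environment: not an OpenID Connect session"
        EXIT PROGRAM 1
    END IF

    -- The email attribute name is set by the provider; try both known names.
    LET userEmail = oidcAttribute("OIDC_EMAIL")
    IF userEmail IS NULL THEN
        LET userEmail = oidcAttribute("OIDC_EMAILADDRESS")
    END IF

    DISPLAY "subject: ", userSub
    IF userEmail IS NULL THEN
        DISPLAY "email: not released by the IdP"
    ELSE
        DISPLAY "email: ", userEmail
    END IF
END MAIN

-- Hypothetical helper: returns the trimmed attribute value,
-- or NULL when the variable is unset or blank.
FUNCTION oidcAttribute(attrName STRING) RETURNS STRING
    DEFINE attrValue STRING

    LET attrValue = fgl_getenv(attrName)
    IF attrValue IS NULL THEN
        RETURN NULL
    END IF
    LET attrValue = attrValue.trim()
    IF attrValue.getLength() == 0 THEN
        RETURN NULL
    END IF
    RETURN attrValue
END FUNCTION
```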