Retrieve the OpenID Connect user identifier

Follow these steps to retrieve the OpenID Connect Single sign-on (SSO) user identifier in your Genero application.

Once the user has been successfully authenticate and before starting the proxy, the OpenID Connect service sets all attributes coming from the IdP with the prefix OIDC_ and in uppercase. (OIDC stands for OpenID Connect).

For example, if you set email in the SCOPE parameter of your application configuration , you will have an attribute called OIDC_EMAIL set that is then retrievable with the instruction in your application.

To retrieve the user identifier, add this code to your Genero application:

LET userEmail = fgl_getenv("OIDC_EMAIL")

Warning:

The name of the attribute (OIDC_EMAIL ) is set by the provider. Some providers are known to use OIDC_EMAILADDRESS. For more information, check the IdP endpoint that returns the user's profile.

Note:

Even if there are no attributes being sent by the IdP (maybe because the user has not allowed the Google console API to send them), the OIDC_SUB attribute will always be available. This attribute is an opaque value representing the user subject at IdP.