Retrieve the OpenID Connect user identifier
Follow these steps to retrieve the OpenID Connect Single sign-on (SSO) user identifier in your Genero application.
Once the user has been successfully authenticated and before starting the proxy, the OpenID Connect service sets all attributes coming from the IdP with the prefix OIDC_ and in uppercase. (OIDC stands for OpenID Connect.)
For example, if you set email in the SCOPE parameter of your application configuration, you will have an attribute called OIDC_EMAIL set that is then retrievable with the following instruction in your application:
LET userEmail = fgl_getenv("OIDC_EMAIL")
The name of the attribute (OIDC_EMAIL) is set by the provider. Some providers are known to use OIDC_EMAILADDRESS. For more information, check the IdP endpoint that returns the user's profile.
Even if there are no attributes being sent by the IdP (maybe because the user has not allowed the Google console API to send them), the OIDC_SUB attribute will always be available. This attribute is an opaque value representing the user subject at the IdP.
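
The following is an added example, not code from the original documentation. It keys the user on OIDC_SUB, refuses to continue when that attribute is absent, and treats the email attribute as optional under either provider naming. It assumes email was requested in SCOPE; resolveUserEmail and the displayed messages are hypothetical names chosen for illustration.

```4gl
-- Added example: resolve the SSO identity from the OIDC_* attributes.
-- resolveUserEmail() is a hypothetical helper, not part of the Genero API.
MAIN
    DEFINE userSub, userEmail STRING

    -- OIDC_SUB is always set after a successful OpenID Connect login,
    -- so a missing value means the program was not started through SSO.
    LET userSub = fgl_getenv("OIDC_SUB")
    IF userSub IS NULL OR userSub.getLength() == 0 THEN
        DISPLAY "No OIDC_SUB attribute: refusing to start without an SSO identity"
        EXIT PROGRAM 1
    END IF

    -- Optional attribute: present only if requested in SCOPE
    -- and actually sent by the IdP.
    LET userEmail = resolveUserEmail()

    -- Use the opaque subject, not the email, as the key for user records.
    DISPLAY "Subject: ", userSub
    IF userEmail IS NULL THEN
        DISPLAY "Email: not provided by the IdP"
    ELSE
        DISPLAY "Email: ", userEmail
    END IF
END MAIN

-- Returns the email attribute under either name used by providers,
-- or NULL when the IdP sent neither.
FUNCTION resolveUserEmail()
    DEFINE v STRING

    LET v = fgl_getenv("OIDC_EMAIL")
    IF v IS NULL OR v.getLength() == 0 THEN
        LET v = fgl_getenv("OIDC_EMAILADDRESS")
    END IF
    RETURN v
END FUNCTION
```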