Diffstat (limited to 'doc/integration/openid_connect_provider.md')
-rw-r--r-- | doc/integration/openid_connect_provider.md | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/doc/integration/openid_connect_provider.md b/doc/integration/openid_connect_provider.md index 54d4a5b6bb7..e85231d1c25 100644 --- a/doc/integration/openid_connect_provider.md +++ b/doc/integration/openid_connect_provider.md 
@@ -47,20 +47,19 @@ The following user information is shared with clients: | Claim | Type | Description | |:-----------------|:----------|:------------| -| `sub` | `string` | The ID of the user -| `sub_legacy` | `string` | An opaque token that uniquely identifies the user<br><br>**Deprecation notice:** this token isn't stable because it's tied to the Rails secret key base, and is provided only for migration to the new stable `sub` value available from GitLab 11.1 -| `auth_time` | `integer` | The timestamp for the user's last authentication -| `name` | `string` | The user's full name -| `nickname` | `string` | The user's GitLab username -| `email` | `string` | The user's email address<br>This is the user's *primary* email address if the application has access to the `email` claim and the user's *public* email address otherwise -| `email_verified` | `boolean` | Whether the user's email address was verified -| `website` | `string` | URL for the user's website -| `profile` | `string` | URL for the user's GitLab profile -| `picture` | `string` | URL for the user's GitLab avatar -| `groups` | `array` | Paths for the groups the user is a member of, either directly or through an ancestor group. -| `groups_direct` | `array` | Paths for the groups the user is a direct member of. 
-| `https://gitlab.org/claims/groups/owner` | `array` | Names of the groups the user is a direct member of with Owner role -| `https://gitlab.org/claims/groups/maintainer` | `array` | Names of the groups the user is a direct member of with Maintainer role -| `https://gitlab.org/claims/groups/developer` | `array` | Names of the groups the user is a direct member of with Developer role +| `sub` | `string` | The ID of the user | +| `auth_time` | `integer` | The timestamp for the user's last authentication | +| `name` | `string` | The user's full name | +| `nickname` | `string` | The user's GitLab username | +| `email` | `string` | The user's email address<br>This is the user's *primary* email address if the application has access to the `email` claim and the user's *public* email address otherwise | +| `email_verified` | `boolean` | Whether the user's email address was verified | +| `website` | `string` | URL for the user's website | +| `profile` | `string` | URL for the user's GitLab profile | +| `picture` | `string` | URL for the user's GitLab avatar | +| `groups` | `array` | Paths for the groups the user is a member of, either directly or through an ancestor group. | +| `groups_direct` | `array` | Paths for the groups the user is a direct member of. | +| `https://gitlab.org/claims/groups/owner` | `array` | Names of the groups the user is a direct member of with Owner role | +| `https://gitlab.org/claims/groups/maintainer` | `array` | Names of the groups the user is a direct member of with Maintainer role | +| `https://gitlab.org/claims/groups/developer` | `array` | Names of the groups the user is a direct member of with Developer role | The claims `sub`, `sub_legacy`, `email`, `email_verified` and `groups_direct` are included in the ID token. All other claims are available from the `/oauth/userinfo` endpoint used by OIDC clients. |
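Review bot: the unchanged sentence at the end of the hunk still lists `sub_legacy` among the claims included in the ID token ("The claims `sub`, `sub_legacy`, `email`, `email_verified` and `groups_direct` are included in the ID token"), while the hunk deletes the `sub_legacy` row from the table, so the page now names a claim it no longer describes. If the claim is no longer issued, drop `sub_legacy` from that sentence in the same change. If it is still issued, keep a row for it with the deprecation notice so that clients still keyed on it can see that it is unstable and that `sub` is the replacement. Minor style point while the table is being touched: the `groups` and `groups_direct` descriptions end with a period and the other rows do not.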