User Profiles - OAuth Authentication

The requested user profile may be rendered and consumed by the application using the following options.

• Nested
• Flat
• Custom

• By default, the requested user profile is rendered using a NESTED format where the authenticated principal and attributes are placed inside id and attributes tags respectively in the final structure.

  1
  2
  3
  4
  5
  6
  7
  8
  {
    "id": "casuser",
    "attributes": {
      "email": "casuser@example.org",
      "name": "CAS"
    },
    "something": "else"
  }
  

• This option flattens principal attributes by one degree, putting them at the same level as id. Other nested elements in the final payload are left untouched.

  1
  2
  3
  4
  5
  6
  {
    "id": "casuser",
    "email": "casuser@example.org",
    "name": "CAS",
    "something": "else"
  }
  

• If you wish to create your own profile structure, you will need to design a component and register it with CAS to handle the rendering of the user profile:

  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11
  12
  package org.apereo.cas.support.oauth;
  
  @AutoConfiguration
  @EnableConfigurationProperties(CasConfigurationProperties.class)
  public class MyOAuthConfiguration {
  
      @Bean
      @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
      public OAuth20UserProfileViewRenderer oauthUserProfileViewRenderer() {
          ...
      }
  }
  

  See this guide to learn more about how to register configurations into the CAS runtime.

Per Application

The user profile renderer may also be controlled on a per-application basis:

1
2
3
4
5
6
7
8
9
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "clientid",
  "clientSecret": "clientSecret",
  "serviceId" : "^(https|imaps)://<redirect-uri>.*",
  "name" : "OAuthService",
  "id" : 100,
  "userProfileViewType": "FLAT"
}