WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
User Profiles - OAuth Authentication
The requested user profile may be rendered and consumed by the application using the following options.
-
By default, the requested user profile is rendered using a
NESTED
format where the authenticated principal and attributes are placed insideid
andattributes
tags respectively in the final structure.1 2 3 4 5 6 7 8
{ "id": "casuser", "attributes": { "email": "casuser@example.org", "name": "CAS" }, "something": "else" }
-
This option flattens principal attributes by one degree, putting them at the same level as
id
. Other nested elements in the final payload are left untouched.1 2 3 4 5 6
{ "id": "casuser", "email": "casuser@example.org", "name": "CAS", "something": "else" }
-
If you wish to create your own profile structure, you will need to design a component and register it with CAS to handle the rendering of the user profile:
1 2 3 4 5 6 7 8 9 10 11 12
package org.apereo.cas.support.oauth; @AutoConfiguration @EnableConfigurationProperties(CasConfigurationProperties.class) public class MyOAuthConfiguration { @Bean @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT) public OAuth20UserProfileViewRenderer oauthUserProfileViewRenderer() { ... } }
See this guide to learn more about how to register configurations into the CAS runtime.
Per Application
The user profile renderer may also be controlled on a per-application basis:
1
2
3
4
5
6
7
8
9
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "clientid",
"clientSecret": "clientSecret",
"serviceId" : "^(https|imaps)://<redirect-uri>.*",
"name" : "OAuthService",
"id" : 100,
"userProfileViewType": "FLAT"
}