It’s possible I’m just stupid here, but I’ve configured NextCloud to authenticate against an on-premise IdP of ours (WHMCS), and while it technically works, the only attribute that gets pulled over is ‘subject’ (a random 16-character string), and not ‘email’ or ‘first_name’ or anything like that. Having reviewed the IdP documentation and done some validation in Postman, it seems like the ‘sub’ attribute is included in the id_token but the other attributes have to be queried from the user info endpoint (in this case, https://ouridurl.com/whmcs/user-info.php). That endpoint is listed in the well-known configuration that I set in the OpenID config in NextCloud.
When I generate my own access_token and query the user info endpoint (format: https://ouridurl.com/whmcs/user-info.php?access_token=myaccesstokengoeshere) it works and I’m able to see the user’s other attributes. But, NextCloud never absorbs those attributes, so I’m stuck with new users whose ‘name’ is a random 16-character ID string that I can’t edit and an empty email field that I also cannot edit.
I’m not sure if this is a bug or if I’m doing something wrong here but would love some assistance if anyone knows what’s going on here. Thanks!
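The situation described in the post (a bare `sub` in the id_token, everything else only at the userinfo endpoint) is easiest to pin down with a small diagnostic that reports where each claim comes from and checks the two claim sets the way a relying party is supposed to. The script below is an added example, not code from the poster, Nextcloud or WHMCS; the issuer URL, the sample tokens, the sample userinfo response and the `WANTED` attribute mapping are constructed for illustration. It sends the access token in an `Authorization: Bearer` header rather than as a `?access_token=` query parameter (RFC 6750 allows the query form but recommends against it, since the token ends up in server logs and referrers), verifies that the userinfo `sub` matches the id_token `sub` before merging (OpenID Connect Core 5.3.2), and flags a claim such as `first_name` that is present in userinfo but is not the standard `given_name` a relying party would normally look for.

```python
"""Diagnostic: which OIDC claims arrive in the id_token and which only via userinfo.

Added example; not Nextcloud's or WHMCS's code. Endpoint, sample tokens and the
WANTED mapping are constructed values, replace them with your own IdP's.
"""
import base64
import json
import urllib.request

# Standard OIDC claim names a relying party typically maps to user attributes.
# The attribute labels are assumptions for illustration only.
WANTED = {"sub": "user id", "email": "email", "name": "display name",
          "given_name": "first name", "family_name": "last name"}

# Non-standard names some IdPs use for claims that have a standard equivalent.
NONSTANDARD_ALIASES = {"first_name": "given_name", "last_name": "family_name"}


def b64url_decode(segment: str) -> bytes:
    """base64url without padding, as used in compact JWS."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_unsigned_jwt(payload: dict) -> str:
    """Build an alg=none token for offline demonstration only (never accept
    such a token from an IdP; it carries no signature)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


def decode_jwt_payload_unverified(token: str) -> dict:
    """Decode a JWT payload for inspection. The signature is NOT verified here,
    so use this only to see which claims the IdP includes, never to trust them."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three dot-separated parts)")
    return json.loads(b64url_decode(parts[1]))


def fetch_userinfo(userinfo_endpoint: str, access_token: str) -> dict:
    """Call the userinfo endpoint with the bearer token in the Authorization
    header (RFC 6750 section 2.1), not as a query parameter."""
    req = urllib.request.Request(
        userinfo_endpoint,
        headers={"Authorization": f"Bearer {access_token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


def merge_claims(id_token_claims: dict, userinfo_claims: dict) -> dict:
    """Combine both claim sets. OIDC Core 5.3.2: the userinfo 'sub' must equal
    the id_token 'sub', otherwise the userinfo response must not be used."""
    if userinfo_claims.get("sub") != id_token_claims.get("sub"):
        raise ValueError("userinfo sub does not match id_token sub; discarding userinfo")
    merged = dict(userinfo_claims)
    merged.update(id_token_claims)  # id_token values win on conflict
    return merged


def report(id_token_claims: dict, userinfo_claims: dict) -> dict:
    """For every wanted claim, say whether it came from the id_token, from
    userinfo, is missing, or is only present under a non-standard name."""
    sources = {}
    for claim in WANTED:
        if claim in id_token_claims:
            sources[claim] = "id_token"
        elif claim in userinfo_claims:
            sources[claim] = "userinfo"
        else:
            alias = next((k for k, v in NONSTANDARD_ALIASES.items()
                          if v == claim and k in userinfo_claims), None)
            sources[claim] = f"userinfo as non-standard '{alias}'" if alias else "missing"
    return sources


# Constructed sample data mirroring the post: only 'sub' in the id_token, the rest
# at userinfo, with the first name under the non-standard key 'first_name'.
SAMPLE_ID_TOKEN_CLAIMS = {"iss": "https://idp.example/whmcs", "sub": "a1b2c3d4e5f60718",
                          "aud": "nextcloud", "exp": 1900000000}
SAMPLE_USERINFO = {"sub": "a1b2c3d4e5f60718", "email": "jane@example.com",
                   "first_name": "Jane", "name": "Jane Doe"}

if __name__ == "__main__":
    token = encode_unsigned_jwt(SAMPLE_ID_TOKEN_CLAIMS)
    claims = decode_jwt_payload_unverified(token)
    print(json.dumps(report(claims, SAMPLE_USERINFO), indent=2))
    print(json.dumps(merge_claims(claims, SAMPLE_USERINFO), indent=2))
```

Run against a real deployment by replacing the sample dictionaries with `decode_jwt_payload_unverified(id_token)` and `fetch_userinfo(userinfo_endpoint, access_token)`, where `userinfo_endpoint` is taken from the `userinfo_endpoint` key of the well-known discovery document. A report line reading `"given_name": "userinfo as non-standard 'first_name'"` is the kind of mismatch that makes a relying party treat the attribute as absent even though the endpoint returns it.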