OpenID Connect
Public test client credentials
The following credentials are available for development purpose only:
ACCESS_KEY=125070
SECRET_KEY=f6ff8d394e6185d41834b19210979b897852680cf34700ae4ecb24ea
This client is allowed to request any scope, the following URI are accepted as
redirect_uri
:
Available scopes and claims
The CRI intranet OIDC provider give you access to the following claims, sorted by scope:
profile
name
: the user full name as a string (example: “Xavier Loginard”).
given_name
: the user first name, may be empty (example: “Xavier”).
family_name
: the user last name (example: “Loginard”).
preferred_username
: the user login (example: “xavier.loginard”).
zoneinfo
: always “Europe/Paris”.picture
picture
: URI of the user picture, may be empty.
picture_square
: URI of the user picture as a square centered on the face, may be empty.
picture_thumb
: URI the user picture thumbnail, may be empty.
email_verified
: true when the email is set, false otherwise.phone
phone_number
: the user mobile phone number, may be empty.
phone_number_verified
: always false since no phone verification is ever done.birthdate
birthdate
: the user birthdate as a YYYY-MM-DD string, may be empty (example: “1884-01-01”).legal_identity
legal_first_name
: the user first as written on official documents, may be empty.
legal_last_name
: the user first as written on official documents, may be empty.epita
uid
: the user ID, as an integer.
gid
: the user primary group ID, as an integer.
old_logins
: list of the user previous accounts username, in case of username update, as a list, may be empty.
new_login
: the user new account username, may be empty.
groups
: the list of groups the user is a member of, may be empty. Each group appears as a mapping containing the following fields :slug
,name
,gid
,kind
,private
.
campuses
: the list of the campuses of the user, may be empty. Each campus appears as the slug of the corresponding group.
graduation_years
: the list of graduation years (promo) associated with the user, may be empty.roles
roles
: the list of the user roles as specified in the client configuration, may be empty.
This list is summarized in the tables below:
profile |
picture |
phone |
|
---|---|---|---|
name |
picture |
phone_number |
|
given_name |
picture_square |
email_verified |
phone_number_verified |
family_name |
picture_thumb |
||
preferred_username |
|||
picture |
|||
zoneinfo |
birthdate |
legal_identity |
epita |
roles |
---|---|---|---|
birthdate |
legal_first_name |
uid |
roles |
legal_last_name |
gid |
||
groups |
|||
campuses |
|||
graduation_years |
related_accounts |
---|
old_logins |
new_login |