Skip to content

Fix/additional claim in id token #314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
DaveOrDead merged 2 commits into from
Jan 10, 2025
Merged

Fix/additional claim in id token #314

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3608b82
Added social identity as additional claim
clairekinde11 Jan 9, 2025
a0c5896
Added external provider ID to additional claims
clairekinde11 Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/content/docs/build/tokens/about-access-tokens.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ Access tokens are a secure way of authenticating users, and passing information
]
```

- **External provider ID** - The ID you use to identify the organization the user is authorized against

Comment on lines +65 to +66
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Enhance documentation for External provider ID claim

While the addition of this claim aligns with the PR objectives, the documentation would benefit from additional details:

  1. What is the actual claim name/key in the token?
  2. How does this differ from or relate to the existing org_code claim?
  3. An example showing its usage in the example access token section would be helpful.

Consider expanding the documentation like this:

-- **External provider ID** - The ID you use to identify the organization the user is authorized against
++ **External provider ID** - The `ext_org_id` claim (or actual claim name) contains the identifier used to map the organization in external identity provider systems. This differs from `org_code` which is Kinde's internal organization identifier.

Also, please add an example in the "Example access token" section showing this claim in use.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- **External provider ID** - The ID you use to identify the organization the user is authorized against
**External provider ID** - The `ext_org_id` claim (or actual claim name) contains the identifier used to map the organization in external identity provider systems. This differs from `org_code` which is Kinde's internal organization identifier.

- (MS Entra ID authentication only) Claims starting with `ext_` indicate that user details have come from a third party enterprise auth provider like Microsoft. For example:

```jsx
Expand Down
2 changes: 1 addition & 1 deletion src/content/docs/build/tokens/about-id-tokens.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ During authentication, ID tokens carry information about authenticated users sec

## Kinde additional claims

- **External ID** - The `provided_id` is the user‘s unique identification code in your system
- **Social identity** - Details from the user’s third-party profile, such as handle, username, and ID.
- **Organizations** - The `org_codes` claim contains an array of IDs for the Kinde organizations that the user belongs to.

## Example ID token
Expand Down
Loading