OIDC username_claim using percent encoding

Hello,

Using an OIDC provider to authenticate and register users on sync-gateway:2.8.0-community results in new users being created with percent encoding.

oidc config…
"username_claim": "email",
"register": true

The email field in the JWT does not have percent encoding, but of course has an @ character.

Usernames are being created in Sync Gateway like tim.test1%40example.com.
Even more, when using the admin API, the percent-encoding needs to be percent-encoded again,
i.e. {db}/_user/tim.test1%2540example.com

Is it possible to prevent percent-encoding on OIDC registrations, or to preprocess username_claim to do the same?
I know it's possible to manually create usernames with email without the encoding.

Thanks,
-Tim

@TimA Sync Gateway follows the same approach used for constructing OIDC username from subject claims in token, in the case of custom username claims as well. This means that the constructed username value is also encoded in URL encoded format to avoid conflicts with the reserved URL characters (if any) used in username claim, subject or user prefix provided. But it is reasonable to disable the URL encoding while generating OIDC usernames from custom claims. An enhancement ticket has been created to track this.

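The double encoding discussed in this thread, as an added example that is not part of either post and is not Sync Gateway code: it derives the stored username and the admin API path for an OIDC-registered user, and shows which user a single-encoded path would address instead. The function names and the database name `db` are hypothetical, and the sketch assumes no user prefix is configured and that the stored name is the claim value with every reserved character percent-encoded, as the thread shows for `@`.

```python
from urllib.parse import quote, unquote


def oidc_stored_username(claim_value: str) -> str:
    # Assumption: mirrors the behaviour reported in the thread, where the
    # username_claim value is stored percent-encoded ("@" becomes "%40").
    return quote(claim_value, safe="")


def admin_user_path(db: str, stored_username: str) -> str:
    # The stored name is a single URL path segment, so it is encoded once
    # more: the literal "%" in "%40" becomes "%25".
    return f"/{quote(db, safe='')}/_user/{quote(stored_username, safe='')}"


def user_addressed_by(path: str) -> str:
    # The name looked up by a server that URL-decodes the last segment once.
    return unquote(path.rsplit("/", 1)[1])


if __name__ == "__main__":
    email = "tim.test1@example.com"        # claim value quoted in the thread
    stored = oidc_stored_username(email)   # name created on OIDC registration
    print("stored name :", stored)
    print("admin path  :", admin_user_path("db", stored))

    # Encoding the raw email only once yields a path that addresses a user
    # literally named with the email (for example one created manually),
    # not the OIDC-registered user.
    single = admin_user_path("db", email)
    print("single path :", single, "->", user_addressed_by(single))
```

A user-audit or deprovisioning script that builds admin API paths from email addresses needs the second form of encoding, otherwise it looks up a different username than the one OIDC registration created.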