Extension Point: OpenID Connect CM User Claims Extractor
Basics
| Parameter | Value |
|---|---|
| Extension Point Key | OIDC_CMUSER_CLAIMS_EXTRACTOR |
| Extension Point Name | OpenID Connect CM User Claims Extractor |
| Extension Interface | OpenIdCmUserClaimsExtractor |
| Supports Multiple Extensions? | Yes |
| Selector Type | None |
| Available Since | 1.3.0 |
Use Cases
This extension is invoked by Commerce Manager when a user logs in. Extensions implementing this Extension Point can extract details about the user such as email, first name, and last name from the claims returned by OpenID Connect. They can also specify what roles and permissions the user should have in Commerce Manager.
Methods
getCustomScopes
The getCustomScopes method is invoked when a client retrieves the OpenID Connect configuration from Cortex. It allows the plugin to append to the list of scopes that the front-end should pass to the Identity Provider when the user is redirected to the authentication endpoint.
extractClaims
The extractClaims method is invoked when a user logs into Commerce Manager. It allows the extension to retrieve claim values from the Identity Provider (in context.getOpenIdClaims().getClaimsObjects()) and return then in the XPFOpenIdCMUserClaimsExtractionResult. Commerce Manager collects the responses from all extensions and combines them so that the CM user profile, roles, and access privileges can be updated.
Extension Sample
@Extension
@XPFEmbedded
@XPFAssignment(extensionPoint = XPFExtensionPointEnum.OIDC_CMUSER_CLAIMS_EXTRACTOR, priority = 100)
public class BasicOpenIdCmUserClaimsExtractor extends XPFExtensionPointImpl implements OpenIdCmUserClaimsExtractor {
/** Claim key for email. */
static final String KEY_EMAIL = "email";
/** Claim key for given name. */
static final String KEY_GIVENNAME = "given_name";
/** Claim key for family name. */
static final String KEY_FAMILYNAME = "family_name";
@Override
public Set<String> getCustomScopes() {
return Collections.emptySet();
}
@Override
public XPFOpenIdCMUserClaimsExtractionResult extractClaims(final XPFOpenIdClaimsExtractionContext xpfOpenIdClaimsExtractionContext) {
String email = (String) xpfOpenIdClaimsExtractionContext.getOpenIdClaims().getClaimsObjects().get(KEY_EMAIL);
String firstName = (String) xpfOpenIdClaimsExtractionContext.getOpenIdClaims().getClaimsObjects().get(KEY_GIVENNAME);
String lastName = (String) xpfOpenIdClaimsExtractionContext.getOpenIdClaims().getClaimsObjects().get(KEY_FAMILYNAME);
XPFOpenIdCMUserClaimsExtractionResult extractionResult = new XPFOpenIdCMUserClaimsExtractionResult();
extractionResult.setEmail(email);
extractionResult.setFirstName(firstName);
extractionResult.setLastName(lastName);
return extractionResult;
}
}