Add support for POST method in UserInfo requests #4367
Description
Preflight Checklist
- I agree to follow the Code of Conduct that this project adheres to.
- I have searched the issue tracker for an issue that matches the one I want to file, without success.
Problem Description
Add support for POST method in UserInfo requests
Description
Currently, Dex's UserInfo implementation only supports the GET method when fetching user information from upstream identity providers. According to the OpenID Connect Core 1.0 specification (Section 5.3.1), the UserInfo endpoint MUST support both GET and POST methods.
Current Behavior
- Dex hardcodes the GET method for UserInfo requests
- Providers that require or prefer POST method cannot be properly integrated
Proposed Solution
Proposed Solution
Add a new configuration variable userInfoRequestMethod (or similar) to connector configurations that allows specifying the HTTP method for UserInfo requests.
Example Configuration
connectors:
- type: oidc
id: example
name: Example Provider
config:
issuer: https://example.com
clientID: client-id
clientSecret: client-secret
redirectURI: https://dex.example.com/callback
userInfoRequestMethod: POST # New field: GET (default) or POST
### Alternatives Considered
_No response_
### Additional Information
_No response_