docs: extend UAE PASS social sign-in provider documentation#2456
docs: extend UAE PASS social sign-in provider documentation#2456suquant wants to merge 5 commits intoory:masterfrom
Conversation
suquant
requested review from
aeneasr,
piotrmsc,
unatasha8,
vinckr and
zepatrik
as code owners
|
|
Add comprehensive reference sections for the UAE PASS provider: - Configuration fields reference table - Available claims (standard + rawClaims) with SOP-level availability - User account types (SOP1/SOP2/SOP3) with verification methods - Visitor account details and profileType distinction - Build and deploy instructions for custom Kratos fork - Staging testing guide with links to UAE PASS docs - UAE PASS-specific troubleshooting (missing attributes, logout redirects) - Logout endpoint added to endpoints table
suquant
force-pushed
the
docs/uaepass-extend-provider-documentation
branch
from
4570a2a to
b3bd53f
Compare
|
We already have UAEPass docs here — any additions or extensions should go into the existing file rather than creating a new .mdx file. |
…ovider-documentation
Consolidate 100_uaepass.mdx into 84_uaepass.mdx, combining Ory Console setup instructions with comprehensive CLI/self-hosted guide, rawClaims documentation, SOP level details, staging testing steps, and credits.
|
Hey @pi1814 , totally fair - our PR was actually opened before the existing UAE PASS docs landed (#2470 ), so we didn't have a single file to extend at the time. That's why it ended up as a separate file. Either way, we've now merged everything into 84_uaepass.mdx and dropped the extra file. Should be clean now - happy to address any other feedback! |
| [if 'email' in claims then 'email' else null]: claims.email, | ||
| name: { | ||
| first: claims.given_name, | ||
| last: claims.family_name, |
There was a problem hiding this comment.
The last name for the UAEPass provider is mapped under claims.last_name
There was a problem hiding this comment.
Actually, the provider maps LastnameEN to the FamilyName field in the Claims struct (provider_uaepass.go:172), which serializes as family_name (provider.go:60). There is a separate last_name field on the struct (line 61), but the UAE PASS provider doesn't populate it. So claims.family_name is the correct one here.
There was a problem hiding this comment.
Sorry, I didn't get that properly. We actually wrote the provider ourselves and mapped lastnameEN to family_name on purpose, following the standard OIDC claim convention. The original value is still available through claims.raw_claims.lastnameEN if needed.
There was a problem hiding this comment.
You're right that family_name follows the OIDC convention — however, the current implementation maps it to last_name instead.
| else if 'phone_number' in claims then claims.phone_number, | ||
| name: { | ||
| first: titleCase(claims.given_name), | ||
| last: titleCase(claims.family_name), |
There was a problem hiding this comment.
The last name for the UAEPass provider is mapped under claims.last_name
| [if 'email' in claims then 'email' else null]: claims.email, | ||
| name: { | ||
| first: claims.given_name, | ||
| last: claims.family_name, |
There was a problem hiding this comment.
UAEPass provider uses last_name instead of family_name
| client_id: .... # Replace with your UAE PASS client ID | ||
| client_secret: .... # Replace with your UAE PASS client secret | ||
| auth_url: https://id.uaepass.ae/idshub/authorize | ||
| token_url: https://id.uaepass.ae/idshub/token |
There was a problem hiding this comment.
auth_url and token_url are generally not necessary if issuer_url is present.
There was a problem hiding this comment.
Since UAE PASS doesn't have .well-known/openid-configuration, there's no OIDC discovery. The issuer_url is only used to derive the userinfo endpoint ({issuer_url}/userinfo). The auth_url and token_url default to staging independently and aren't derived from issuer_url, so for production you do need to set them explicitly. I've added a note to make this clearer.
There was a problem hiding this comment.
UAE PASS doesn't support OIDC discovery, but all three endpoints are hardcoded and derived from issuer_url:
{issuer_url}/idshub/authorize{issuer_url}/idshub/token{issuer_url}/idshub/userinfo
Ref: UAEPass Endpoints
Just set issuer_url to the correct base URL — auth_url and token_url are ignored:
- Production:
https://id.uaepass.ae(default if omitted) - Staging:
https://stg-id.uaepass.ae
That's it — no other config needed.
Apply review feedback: use raw_claims (matching the JSON struct tag in provider.go) instead of rawClaims throughout Jsonnet examples, info blocks, and claims reference tables. Also fix 'an URL' to 'a URL'.
|
This documentation is irrelevant cause of ory/kratos#4540 |
4 participants
Add comprehensive reference sections for the UAE PASS provider:
Related Issue or Design Document
Checklist
If this pull request addresses a security vulnerability,
I confirm that I got approval (please contact security@ory.com) from the maintainers to push the changes.
Credits