@erral How do you find the property "hd" when you using "Google Workspace" in the Plone request?
In my case:
I can obtain an access token; I made a curl request command:
curl --location --request POST 'http://localhost:8081/realms/plone/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--data-urlencode 'client_id=plone' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_secret=ERf33TbCtfP7NunSiIbCscocE' \
--data-urlencode 'scope=profile' \
--data-urlencode 'username=lcaballero' \
--data-urlencode 'password=TupeGqSshotTtouygr4sXnWNaqN'
The successful response shows the "access_token" if I decode it shows the following Payload:
{
"exp": 1709628054,
"iat": 1709627754,
"jti": "1b24c7a2-6a36-471c-b86f-979bcaf6b9f5",
"iss": "http://localhost:8081/realms/plone",
"aud": "account",
"sub": "ba317b32-3395-44c4-8ffe-6e2605b9f0c0",
"typ": "Bearer",
"azp": "plone",
"session_state": "17463e76-3369-4ef1-8185-aadece3fd49b",
"acr": "1",
"allowed-origins": [
"http://localhost:7080/Plone"
],
"realm_access": {
"roles": [
"default-roles-plone",
"offline_access",
"uma_authorization"
]
},
"resource_access": {
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"scope": "email profile",
"sid": "17463e76-3369-4ef1-8185-aadece3fd49b",
"email_verified": true,
"name": "Leonardo Caballero",
"preferred_username": "lcaballero",
"organization_name": "acme",
"given_name": "Leonardo",
"family_name": "Caballero",
"email": "leonardocaballero@gmail.com"
}
That is the response from my Keycloak server, but my question is:
How to extract the "username" or the "email" properties from a Plone request?
This is not clear from the Plone 6 documentation, I am using Plone 6.0.7 version with Classic UI.