The first_name and last_name claims required by Aha! are not OIDC conformant, leading to duplicate information in previously conformant JWT tokens. This increases the size of tokens. This can also make it harder to use a common token for Aha! and other services that are OIDC conformant.
The fix is pretty simple - support the OIDC conformant claims of "given_name" and "family_name" in place of "first_name" and "last_name".
OIDC 1.0 standard claims: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
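The change requested above is a claim-mapping problem on the token consumer side: accept the OIDC standard names (`given_name`, `family_name`) and fall back to the legacy names (`first_name`, `last_name`) only when the standard ones are absent. The following is an added illustration, not code from Aha! or from the original post, of how a relying party can verify an HS256 JWT and normalise the name claims that way; the secret, the claim values and the helper names (`sign_hs256`, `verify_hs256`, `resolve_name_claims`) are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Legacy (non-OIDC) claim name -> OIDC 1.0 standard claim name.
LEGACY_TO_OIDC = {"first_name": "given_name", "last_name": "family_name"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build a compact JWS (HS256) over the given claims; used here only to create test input."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256(token: str, secret: bytes) -> dict:
    """Check structure, pin the algorithm and verify the MAC before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # Pinning the expected algorithm refuses 'none' and algorithm-confusion tokens.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(parts[1]))


def resolve_name_claims(claims: dict) -> tuple:
    """Return (given_name, family_name), preferring OIDC claims and falling back to legacy ones.

    An issuer that is OIDC-conformant only needs to send given_name/family_name;
    an older issuer that still sends first_name/last_name keeps working.
    """
    resolved = []
    for legacy, oidc in LEGACY_TO_OIDC.items():
        value = claims.get(oidc, claims.get(legacy))
        if not value:
            raise ValueError(f"missing claim: {oidc} (or legacy {legacy})")
        resolved.append(value)
    return tuple(resolved)


def duplicate_claim_overhead(claims: dict) -> int:
    """Bytes added to the encoded payload when legacy names are duplicated alongside OIDC ones."""
    duplicated = dict(claims)
    for legacy, oidc in LEGACY_TO_OIDC.items():
        if oidc in claims:
            duplicated[legacy] = claims[oidc]
    encode = lambda c: _b64url_encode(json.dumps(c, separators=(",", ":")).encode())
    return len(encode(duplicated)) - len(encode(claims))


if __name__ == "__main__":
    # Constructed sample secret and claims; not real credentials.
    secret = b"example-shared-secret"
    oidc_claims = {"sub": "user-123", "email": "a.person@example.com",
                   "given_name": "Ada", "family_name": "Lovelace"}
    token = sign_hs256(oidc_claims, secret)
    print(resolve_name_claims(verify_hs256(token, secret)))
    print("extra payload bytes if legacy claims are duplicated:",
          duplicate_claim_overhead(oidc_claims))
```

The consumer-side fallback is what makes the OIDC claims usable "in place of" the legacy ones: an issuer can then stop duplicating names, and the overhead measured by `duplicate_claim_overhead` disappears from every token.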
Thank you for the response. You guys will likely need to deal with OIDC in the not too distant future. Identity service providers, such as Auth0 and Okta, are beginning to deprecate non-OIDC conformant tokens:
https://auth0.com/docs/api-auth/tutorials/adoption#my-application-works-just-fine-why-should-i-update-
New security features, at least for Auth0, are only being added to OIDC conformant tokens. This is making it more difficult for me to integrate non-OIDC conformant systems into SSO for our customers (we are setting up SSO from our SaaS offering to our Aha! Ideas page). At some point I will be forced to choose between:
1. Not enabling a key security feature for our service because we can't be OIDC compliant due to Aha! JWT requirements
2. Forcing a customer to authenticate separately to Aha! Ideas
3. Moving to another provider that can accept OIDC conformant JWT for equivalent Aha! Ideas submittal
Options 1 and 2 are not workable long-term.
The JWT implementation in Aha! predates the OIDC specification. Unfortunately the current implementation does not make it possible to add aliases for the claims, and we cannot change the existing claims without breaking backwards compatibility.