Use id_token for Azure AD Source about authentik HOT 6 OPEN

You're right I missed that bit. That would be a welcomed improvement indeed then

from authentik.

We'll probably still call the userinfo endpoint in the end, so that we're able to provide that information for source property mappings (#8771)

from authentik.

We'll probably still call the userinfo endpoint in the end, so that we're able to provide that information for source property mappings (#8771)

So this can't be implemented?

from authentik.

So this can't be implemented?

It would depend on how much data is actually included in the id_token given by azure. From a very quick look at the documentation, it seems like the id_token wouldn't contain all the data that one could retrieve from the userinfo endpoint, but feel free to correct me if I'm wrong

from authentik.

The only field missing is the profile picture, even though the docs say that the fields of the id_token should be a superset of the ones from the userinfo endpoint: https://learn.microsoft.com/en-us/entra/identity-platform/userinfo#consider-using-an-id-token-instead

from authentik.

I have a similar issue with Azure AD and missing information in the userinfo endpoint.

I am not completely sure what the expected implementation would be but for me it would be great to simply have the (decoded) id_token available in an Expression Policy used in an Enrolment Stage.
This way it should be very simply to map the needed information to the user accounts.

from authentik.