Skip to content

feat: add native UAE PASS OIDC provider#4540

Open
suquant wants to merge 1 commit intoory:masterfrom
GByteTech:feat/uaepass-provider
Open

feat: add native UAE PASS OIDC provider#4540
suquant wants to merge 1 commit intoory:masterfrom
GByteTech:feat/uaepass-provider

Conversation

@suquant
Copy link

@suquant suquant commented Feb 23, 2026
edited
Loading

Add a dedicated 'uaepass' provider type that handles UAE PASS OAuth2 natively without OIDC discovery.

Key features:

  • Hardcoded staging/production endpoints (no .well-known support)
  • client_secret_basic auth style (AuthStyleInHeader)
  • Automatic acr_values injection for authentication level
  • No openid scope (UAE PASS does not support it)
  • Userinfo-based claims with all 18+ UAE PASS attributes
  • RawClaims populated for downstream Jsonnet mapper access
  • UUID-first subject identifier with sub fallback

Includes unit tests (provider_userinfo_test.go) and documentation (docs/uaepass/README.md) with Jsonnet mapper examples.

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.com) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Credits

https://gbyte.tech

@suquant suquant requested review from a team and aeneasr as code owners February 23, 2026 12:27
@CLAassistant
Copy link

CLAassistant commented Feb 23, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

@suquant suquant mentioned this pull request Feb 23, 2026
Open
6 tasks
@suquant suquant force-pushed the feat/uaepass-provider branch 3 times, most recently from 30352b0 to 7969a27 Compare February 23, 2026 15:47
@suquant suquant marked this pull request as draft February 23, 2026 15:47
@suquant suquant force-pushed the feat/uaepass-provider branch 4 times, most recently from d5706b5 to a82579b Compare February 24, 2026 14:16
@suquant
feat: add native UAE PASS OIDC provider
20fc400 
Add a dedicated 'uaepass' provider type that handles UAE PASS OAuth2
natively without OIDC discovery.

Key features:
- Hardcoded staging/production endpoints (no .well-known support)
- client_secret_basic auth style (AuthStyleInHeader)
- Automatic acr_values injection for authentication level
- No openid scope (UAE PASS does not support it)
- Userinfo-based claims with all 18+ UAE PASS attributes
- RawClaims populated for downstream Jsonnet mapper access
- UUID-first subject identifier with sub fallback

Includes unit tests (provider_userinfo_test.go) and documentation
(docs/uaepass/README.md) with Jsonnet mapper examples.
@suquant suquant force-pushed the feat/uaepass-provider branch from a82579b to 20fc400 Compare February 24, 2026 14:23
@suquant suquant marked this pull request as ready for review February 24, 2026 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aeneasr aeneasr Awaiting requested review from aeneasr aeneasr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@suquant @CLAassistant