Return display_name as the name property

[psrpinto]

According to OIDC spec (scroll down to section 2.5), the name property should be:

End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.

In this PR we're returning WordPress' display_name as the name property.

@ashfame There are other properties we could return as well, do you think we should? Thinking specifically of:

• email
• website
• locale

[psrpinto]

Also, I'm not sure we're returning a sub, should we?

Subject - Identifier for the End-User at the Issuer.

[ashfame]

I would be say plugin's goal should be to pass minimum amount of data via OIDC that's enough to make it work, as passing more data maybe undesirable. Feel free to disagree/discuss :)

That being said, I am guessing, Synapse uses name and not the given_name and family_name?

Re sub might be ok, but without the usecase, lets no do that? We don't know what service out there might try to use sub to generate username on their side, which again maybe undesirable for some. The filter we have provided should be enough to cover all custom cases as folks using this plugin desire.

[psrpinto]

The motivation for this PR is indeed so that wporg's Matrix server can use name, instead of needing to compute the display name from the given_name and family_name. I think removing this need to compute the display name (by setting it to WP's display_name) is useful for other OIDC clients as well.

I do agree this plugin should expose as little data as possible by default, also for privacy reasons. That said, I think it would make sense to expose sub because, according to the spec ,sub is the only property that clients can use to uniquely identify the user:

The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can rely upon as a stable identifier for the End-User, since the sub Claim MUST be locally unique and never reassigned within the Issuer for a particular End-User, as described in Section 2.2. Therefore, the only guaranteed unique identifier for a given End-User is the combination of the iss Claim and the sub Claim.

If you think it makes sense to expose sub, I can do so here (by setting it to nicename), or if you prefer I can open another PR. But the only think I really need is to have the name set to display_name, so I'm also fine with not doing anything about sub for now.

[ashfame]

I can't wrap my head around making a call on sub right now so can we defer that to a separate issue & not let that block this PR?

[psrpinto]

Sounds good, merging 👍