forked from mystiq/dex
revert changes for user id and user name
Signed-off-by: Rui Yang <ruiya@vmware.com>
This commit is contained in:
parent
0494993326
commit
058202d007
3 changed files with 13 additions and 25 deletions
|
@ -72,12 +72,20 @@ connectors:
|
|||
# https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
|
||||
# getUserInfo: true
|
||||
|
||||
# The set claim is used as user id.
|
||||
# Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
||||
# Default: sub
|
||||
# userIDKey: nickname
|
||||
|
||||
# The set claim is used as user name.
|
||||
# Default: name
|
||||
# userNameKey: nickname
|
||||
|
||||
# For offline_access, the prompt parameter is set by default to "prompt=consent".
|
||||
# However this is not supported by all OIDC providers, some of them support different
|
||||
# value for prompt, like "prompt=login" or "prompt=none"
|
||||
# promptType: consent
|
||||
|
||||
|
||||
# Some providers return non-standard claims (eg. mail).
|
||||
# Use claimMapping to map those claims to standard claims:
|
||||
# https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
||||
|
|
|
@ -49,22 +49,14 @@ type Config struct {
|
|||
// id tokens
|
||||
GetUserInfo bool `json:"getUserInfo"`
|
||||
|
||||
// Deprecated: use UserIDKey in claimMapping instead
|
||||
UserIDKey string `json:"userIDKey"`
|
||||
|
||||
// Deprecated: use UserNameKey in claimMapping instead
|
||||
UserNameKey string `json:"userNameKey"`
|
||||
|
||||
// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
|
||||
PromptType string `json:"promptType"`
|
||||
|
||||
ClaimMapping struct {
|
||||
// Configurable key which contains the user id claim
|
||||
UserIDKey string `json:"user_id"` // defaults to "sub"
|
||||
|
||||
// Configurable key which contains the username claim
|
||||
UserNameKey string `json:"user_name"` // defaults to "name"
|
||||
|
||||
// Configurable key which contains the preferred username claims
|
||||
PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
|
||||
|
||||
|
@ -138,18 +130,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||
c.PromptType = "consent"
|
||||
}
|
||||
|
||||
// Backward compatibility
|
||||
userIDKey := c.ClaimMapping.UserIDKey
|
||||
if userIDKey == "" {
|
||||
userIDKey = c.UserIDKey
|
||||
}
|
||||
|
||||
// Backward compatibility
|
||||
userNameKey := c.ClaimMapping.UserNameKey
|
||||
if userNameKey == "" {
|
||||
userNameKey = c.UserNameKey
|
||||
}
|
||||
|
||||
clientID := c.ClientID
|
||||
return &oidcConnector{
|
||||
provider: provider,
|
||||
|
@ -171,8 +151,8 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||
insecureEnableGroups: c.InsecureEnableGroups,
|
||||
getUserInfo: c.GetUserInfo,
|
||||
promptType: c.PromptType,
|
||||
userIDKey: userIDKey,
|
||||
userNameKey: userNameKey,
|
||||
userIDKey: c.UserIDKey,
|
||||
userNameKey: c.UserNameKey,
|
||||
preferredUsernameKey: c.ClaimMapping.PreferredUsernameKey,
|
||||
emailKey: c.ClaimMapping.EmailKey,
|
||||
groupsKey: c.ClaimMapping.GroupsKey,
|
||||
|
|
|
@ -258,12 +258,12 @@ func TestHandleCallback(t *testing.T) {
|
|||
ClientSecret: "clientSecret",
|
||||
Scopes: scopes,
|
||||
RedirectURI: fmt.Sprintf("%s/callback", serverURL),
|
||||
UserIDKey: tc.userIDKey,
|
||||
UserNameKey: tc.userNameKey,
|
||||
InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
|
||||
InsecureEnableGroups: true,
|
||||
BasicAuthUnsupported: &basicAuth,
|
||||
}
|
||||
config.ClaimMapping.UserIDKey = tc.userIDKey
|
||||
config.ClaimMapping.UserNameKey = tc.userNameKey
|
||||
config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
|
||||
config.ClaimMapping.EmailKey = tc.emailKey
|
||||
config.ClaimMapping.GroupsKey = tc.groupsKey
|
||||
|
|
Loading…
Reference in a new issue