make userName configurable
parent
dfb2dfd333
commit
8c1716d356
3 changed files with 42 additions and 10 deletions
|
@ -71,7 +71,11 @@ connectors:
|
|||
# Default: sub
|
||||
# Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
||||
#
|
||||
# userIdKey: nickname
|
||||
# userIDKey: nickname
|
||||
|
||||
# The set claim is used as user name.
|
||||
# Default: name
|
||||
# userNameKey: nickname
|
||||
```
|
||||
|
||||
[oidc-doc]: openid-connect.md
|
||||
|
|
|
@ -47,6 +47,9 @@ type Config struct {
|
|||
|
||||
// Configurable key which contains the user id claim
|
||||
UserIDKey string `json:"userIDKey"`
|
||||
|
||||
// Configurable key which contains the user name claim
|
||||
UserNameKey string `json:"userNameKey"`
|
||||
}
|
||||
|
||||
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
||||
|
@ -131,6 +134,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||
insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
|
||||
getUserInfo: c.GetUserInfo,
|
||||
userIDKey: c.UserIDKey,
|
||||
userNameKey: c.UserNameKey,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -151,6 +155,7 @@ type oidcConnector struct {
|
|||
insecureSkipEmailVerified bool
|
||||
getUserInfo bool
|
||||
userIDKey string
|
||||
userNameKey string
|
||||
}
|
||||
|
||||
func (c *oidcConnector) Close() error {
|
||||
|
@ -209,9 +214,13 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
|
|||
return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
|
||||
}
|
||||
|
||||
name, found := claims["name"].(string)
|
||||
userNameKey := "name"
|
||||
if c.userNameKey != "" {
|
||||
userNameKey = c.userNameKey
|
||||
}
|
||||
name, found := claims[userNameKey].(string)
|
||||
if !found {
|
||||
return identity, errors.New("missing \"name\" claim")
|
||||
return identity, fmt.Errorf("missing \"%s\" claim", userNameKey)
|
||||
}
|
||||
email, found := claims["email"].(string)
|
||||
if !found {
|
||||
|
|
|
@ -47,14 +47,18 @@ func TestHandleCallback(t *testing.T) {
|
|||
tests := []struct {
|
||||
name string
|
||||
userIDKey string
|
||||
userNameKey string
|
||||
insecureSkipEmailVerified bool
|
||||
expectUserID string
|
||||
expectUserName string
|
||||
token map[string]interface{}
|
||||
}{
|
||||
{
|
||||
name: "simpleCase",
|
||||
userIDKey: "", // not configured
|
||||
userNameKey: "", // not configured
|
||||
expectUserID: "subvalue",
|
||||
expectUserName: "namevalue",
|
||||
token: map[string]interface{}{
|
||||
"sub": "subvalue",
|
||||
"name": "namevalue",
|
||||
|
@ -66,6 +70,7 @@ func TestHandleCallback(t *testing.T) {
|
|||
name: "email_verified not in claims, configured to be skipped",
|
||||
insecureSkipEmailVerified: true,
|
||||
expectUserID: "subvalue",
|
||||
expectUserName: "namevalue",
|
||||
token: map[string]interface{}{
|
||||
"sub": "subvalue",
|
||||
"name": "namevalue",
|
||||
|
@ -76,6 +81,7 @@ func TestHandleCallback(t *testing.T) {
|
|||
name: "withUserIDKey",
|
||||
userIDKey: "name",
|
||||
expectUserID: "namevalue",
|
||||
expectUserName: "namevalue",
|
||||
token: map[string]interface{}{
|
||||
"sub": "subvalue",
|
||||
"name": "namevalue",
|
||||
|
@ -83,6 +89,18 @@ func TestHandleCallback(t *testing.T) {
|
|||
"email_verified": true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "withUserNameKey",
|
||||
userNameKey: "user_name",
|
||||
expectUserID: "subvalue",
|
||||
expectUserName: "username",
|
||||
token: map[string]interface{}{
|
||||
"sub": "subvalue",
|
||||
"user_name": "username",
|
||||
"email": "emailvalue",
|
||||
"email_verified": true,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
|
@ -100,6 +118,7 @@ func TestHandleCallback(t *testing.T) {
|
|||
Scopes: []string{"groups"},
|
||||
RedirectURI: fmt.Sprintf("%s/callback", serverURL),
|
||||
UserIDKey: tc.userIDKey,
|
||||
UserNameKey: tc.userNameKey,
|
||||
InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
|
||||
}
|
||||
|
||||
|
@ -119,7 +138,7 @@ func TestHandleCallback(t *testing.T) {
|
|||
}
|
||||
|
||||
expectEquals(t, identity.UserID, tc.expectUserID)
|
||||
expectEquals(t, identity.Username, "namevalue")
|
||||
expectEquals(t, identity.Username, tc.expectUserName)
|
||||
expectEquals(t, identity.Email, "emailvalue")
|
||||
expectEquals(t, identity.EmailVerified, true)
|
||||
})
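Review bot: The new table entries only exercise the success path for `userNameKey`; no case covers a configured key whose claim is absent from the token, or present but not a string, which is the branch that returns the `missing "<key>" claim` error. I would add a case such as `userNameKey: "user_name"` with a token that carries only `name`, and expect HandleCallback to return an error rather than an identity. The table as shown has no field for an expected error, so one would need adding unless it exists outside the visible hunks. TestHandleCallback starts and ends outside these hunks.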
|
||||
|
|