add configurable preferred_username key

Signed-off-by: Rui Yang <ruiya@vmware.com>

connector/oauth/oauth.go

@@ -21,18 +21,19 @@ import (
 )
 
 type oauthConnector struct {
-	clientID         string
+	clientID             string
-	clientSecret     string
+	clientSecret         string
-	redirectURI      string
+	redirectURI          string
-	tokenURL         string
+	tokenURL             string
-	authorizationURL string
+	authorizationURL     string
-	userInfoURL      string
+	userInfoURL          string
-	scopes           []string
+	scopes               []string
-	groupsKey        string
+	groupsKey            string
-	userIDKey        string
+	userIDKey            string
-	userNameKey      string
+	userNameKey          string
-	httpClient       *http.Client
+	preferredUsernameKey string
-	logger           log.Logger
+	httpClient           *http.Client
+	logger               log.Logger
 }
 
 type connectorData struct {
@@ -40,18 +41,19 @@ type connectorData struct {
 }
 
 type Config struct {
-	ClientID           string   `json:"clientID"`
+	ClientID             string   `json:"clientID"`
-	ClientSecret       string   `json:"clientSecret"`
+	ClientSecret         string   `json:"clientSecret"`
-	RedirectURI        string   `json:"redirectURI"`
+	RedirectURI          string   `json:"redirectURI"`
-	TokenURL           string   `json:"tokenURL"`
+	TokenURL             string   `json:"tokenURL"`
-	AuthorizationURL   string   `json:"authorizationURL"`
+	AuthorizationURL     string   `json:"authorizationURL"`
-	UserInfoURL        string   `json:"userInfoURL"`
+	UserInfoURL          string   `json:"userInfoURL"`
-	Scopes             []string `json:"scopes"`
+	Scopes               []string `json:"scopes"`
-	GroupsKey          string   `json:"groupsKey"`
+	GroupsKey            string   `json:"groupsKey"`
-	UserIDKey          string   `json:"userIDKey"`
+	UserIDKey            string   `json:"userIDKey"`
-	UserNameKey        string   `json:"userNameKey"`
+	UserNameKey          string   `json:"userNameKey"`
-	RootCAs            []string `json:"rootCAs"`
+	PreferredUsernameKey string   `json:"preferredUsernameKey"`
-	InsecureSkipVerify bool     `json:"insecureSkipVerify"`
+	RootCAs              []string `json:"rootCAs"`
+	InsecureSkipVerify   bool     `json:"insecureSkipVerify"`
 }
 
 func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
@@ -182,9 +184,13 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
 		c.groupsKey = "groups"
 	}
 
+	if c.preferredUsernameKey == "" {
+		c.preferredUsernameKey = "preferred_username"
+	}
+
 	identity.UserID, _ = userInfoResult[c.userIDKey].(string)
 	identity.Username, _ = userInfoResult[c.userNameKey].(string)
-	identity.PreferredUsername, _ = userInfoResult["name"].(string)
+	identity.PreferredUsername, _ = userInfoResult[c.preferredUsernameKey].(string)
 	identity.Email, _ = userInfoResult["email"].(string)
 	identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)
 

connector/oauth/oauth_test.go

@@ -71,12 +71,13 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
 	tokenClaims := map[string]interface{}{}
 
 	userInfoClaims := map[string]interface{}{
-		"name":           "test-name",
+		"name":               "test-name",
-		"user_id_key":    "test-user-id",
+		"user_id_key":        "test-user-id",
-		"user_name_key":  "test-username",
+		"user_name_key":      "test-username",
-		"email":          "test-email",
+		"preferred_username": "test-preferred-username",
-		"email_verified": true,
+		"email":              "test-email",
-		"groups_key":     []string{"admin-group", "user-group"},
+		"email_verified":     true,
+		"groups_key":         []string{"admin-group", "user-group"},
 	}
 
 	testServer := testSetup(t, tokenClaims, userInfoClaims)
@@ -92,9 +93,9 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
 	expectEqual(t, len(identity.Groups), 2)
 	expectEqual(t, identity.Groups[0], "admin-group")
 	expectEqual(t, identity.Groups[1], "user-group")
-	expectEqual(t, identity.PreferredUsername, "test-name")
 	expectEqual(t, identity.UserID, "test-user-id")
 	expectEqual(t, identity.Username, "test-username")
+	expectEqual(t, identity.PreferredUsername, "test-preferred-username")
 	expectEqual(t, identity.Email, "test-email")
 	expectEqual(t, identity.EmailVerified, true)
 }
@@ -105,11 +106,12 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
 	}
 
 	userInfoClaims := map[string]interface{}{
-		"name":           "test-name",
+		"name":               "test-name",
-		"user_id_key":    "test-user-id",
+		"user_id_key":        "test-user-id",
-		"user_name_key":  "test-username",
+		"user_name_key":      "test-username",
-		"email":          "test-email",
+		"preferred_username": "test-preferred-username",
-		"email_verified": true,
+		"email":              "test-email",
+		"email_verified":     true,
 	}
 
 	testServer := testSetup(t, tokenClaims, userInfoClaims)
@@ -123,7 +125,7 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
 
 	expectEqual(t, len(identity.Groups), 1)
 	expectEqual(t, identity.Groups[0], "test-group")
-	expectEqual(t, identity.PreferredUsername, "test-name")
+	expectEqual(t, identity.PreferredUsername, "test-preferred-username")
 	expectEqual(t, identity.UserID, "test-user-id")
 	expectEqual(t, identity.Username, "test-username")
 	expectEqual(t, identity.Email, "test-email")

docs/connectors/oauth.md

@@ -35,15 +35,15 @@ connectors:
     # scopes:
     #  - identity
 
-    # Optional: Configurable keys for user id field look up
+    # Optional: Configurable keys for groups claim look up
     # Default: groups
     # groupsKey:
 
-    # Optional: Configurable keys for name field look up
+    # Optional: Configurable keys for user ID claim look up
     # Default: user_id
     # userIDKey:
 
-    # Optional: Configurable keys for username field look up
+    # Optional: Configurable keys for preferred username claim look up
-    # Default: user_name
+    # Default: preferred_username
-    # userNameKey:
+    # preferredUsernameKey:
-```
+```