forked from mystiq/dex
Make oauth user name and user id configurable
Signed-off-by: Josh Winters <jwinters@pivotal.io> Co-authored-by: Mark Huang <mhuang@pivotal.io>
This commit is contained in:
parent
9284ffb8c0
commit
a087c05ebf
2 changed files with 28 additions and 10 deletions
|
@ -28,6 +28,8 @@ type oauthConnector struct {
|
|||
userInfoURL string
|
||||
scopes []string
|
||||
groupsKey string
|
||||
userIDKey string
|
||||
userNameKey string
|
||||
httpClient *http.Client
|
||||
logger log.Logger
|
||||
}
|
||||
|
@ -45,6 +47,8 @@ type Config struct {
|
|||
UserInfoURL string `json:"userInfoURL"`
|
||||
Scopes []string `json:"scopes"`
|
||||
GroupsKey string `json:"groupsKey"`
|
||||
UserIDKey string `json:"userIDKey"`
|
||||
UserNameKey string `json:"userNameKey"`
|
||||
RootCAs []string `json:"rootCAs"`
|
||||
InsecureSkipVerify bool `json:"insecureSkipVerify"`
|
||||
}
|
||||
|
@ -60,6 +64,8 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
|
|||
userInfoURL: c.UserInfoURL,
|
||||
scopes: c.Scopes,
|
||||
groupsKey: c.GroupsKey,
|
||||
userIDKey: c.UserIDKey,
|
||||
userNameKey: c.UserNameKey,
|
||||
redirectURI: c.RedirectURI,
|
||||
logger: logger,
|
||||
}
|
||||
|
@ -165,17 +171,25 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
|
|||
return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err)
|
||||
}
|
||||
|
||||
identity.UserID, _ = userInfoResult["user_id"].(string)
|
||||
identity.Name, _ = userInfoResult["name"].(string)
|
||||
identity.Username, _ = userInfoResult["user_name"].(string)
|
||||
identity.Email, _ = userInfoResult["email"].(string)
|
||||
identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)
|
||||
if c.userIDKey == "" {
|
||||
c.userIDKey = "user_id"
|
||||
}
|
||||
|
||||
if c.userNameKey == "" {
|
||||
c.userNameKey = "user_name"
|
||||
}
|
||||
|
||||
if s.Groups {
|
||||
if c.groupsKey == "" {
|
||||
c.groupsKey = "groups"
|
||||
}
|
||||
|
||||
identity.UserID, _ = userInfoResult[c.userIDKey].(string)
|
||||
identity.Username, _ = userInfoResult[c.userNameKey].(string)
|
||||
identity.Name, _ = userInfoResult["name"].(string)
|
||||
identity.Email, _ = userInfoResult["email"].(string)
|
||||
identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)
|
||||
|
||||
if s.Groups {
|
||||
groups := map[string]bool{}
|
||||
|
||||
c.addGroupsFromMap(groups, userInfoResult)
|
||||
|
|
|
@ -72,8 +72,8 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
|
|||
|
||||
userInfoClaims := map[string]interface{}{
|
||||
"name": "test-name",
|
||||
"user_name": "test-username",
|
||||
"user_id": "test-user-id",
|
||||
"user_id_key": "test-user-id",
|
||||
"user_name_key": "test-username",
|
||||
"email": "test-email",
|
||||
"email_verified": true,
|
||||
"groups_key": []string{"admin-group", "user-group"},
|
||||
|
@ -93,6 +93,7 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
|
|||
expectEqual(t, identity.Groups[0], "admin-group")
|
||||
expectEqual(t, identity.Groups[1], "user-group")
|
||||
expectEqual(t, identity.Name, "test-name")
|
||||
expectEqual(t, identity.UserID, "test-user-id")
|
||||
expectEqual(t, identity.Username, "test-username")
|
||||
expectEqual(t, identity.Email, "test-email")
|
||||
expectEqual(t, identity.EmailVerified, true)
|
||||
|
@ -106,8 +107,8 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
|
|||
|
||||
userInfoClaims := map[string]interface{}{
|
||||
"name": "test-name",
|
||||
"user_name": "test-username",
|
||||
"user_id": "test-user-id",
|
||||
"user_id_key": "test-user-id",
|
||||
"user_name_key": "test-username",
|
||||
"email": "test-email",
|
||||
"email_verified": true,
|
||||
}
|
||||
|
@ -124,6 +125,7 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
|
|||
expectEqual(t, len(identity.Groups), 1)
|
||||
expectEqual(t, identity.Groups[0], "test-group")
|
||||
expectEqual(t, identity.Name, "test-name")
|
||||
expectEqual(t, identity.UserID, "test-user-id")
|
||||
expectEqual(t, identity.Username, "test-username")
|
||||
expectEqual(t, identity.Email, "test-email")
|
||||
expectEqual(t, identity.EmailVerified, true)
|
||||
|
@ -197,6 +199,8 @@ func newConnector(t *testing.T, serverURL string) *oauthConnector {
|
|||
UserInfoURL: serverURL + "/userinfo",
|
||||
Scopes: []string{"openid", "groups"},
|
||||
GroupsKey: "groups_key",
|
||||
UserIDKey: "user_id_key",
|
||||
UserNameKey: "user_name_key",
|
||||
}
|
||||
|
||||
log := logrus.New()
|
||||
|
|
Loading…
Reference in a new issue