Merge pull request #1545 from jacksontj/getUserInfo
Run getUserInfo prior to claim enforcement
f2590ee07d
1 changed files with 11 additions and 10 deletions
|
@ -213,6 +213,17 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
|
|||
return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
|
||||
}
|
||||
|
||||
// We immediately want to run getUserInfo if configured before we validate the claims
|
||||
if c.getUserInfo {
|
||||
userInfo, err := c.provider.UserInfo(r.Context(), oauth2.StaticTokenSource(token))
|
||||
if err != nil {
|
||||
return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
|
||||
}
|
||||
if err := userInfo.Claims(&claims); err != nil {
|
||||
return identity, fmt.Errorf("oidc: failed to decode userinfo claims: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
userNameKey := "name"
|
||||
if c.userNameKey != "" {
|
||||
userNameKey = c.userNameKey
|
||||
|
@ -249,16 +260,6 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
|
|||
}
|
||||
}
|
||||
|
||||
if c.getUserInfo {
|
||||
userInfo, err := c.provider.UserInfo(r.Context(), oauth2.StaticTokenSource(token))
|
||||
if err != nil {
|
||||
return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
|
||||
}
|
||||
if err := userInfo.Claims(&claims); err != nil {
|
||||
return identity, fmt.Errorf("oidc: failed to decode userinfo claims: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
identity = connector.Identity{
|
||||
UserID: idToken.Subject,
|
||||
Username: name,
|
||||
|
|
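Review bot: The userinfo claims merged in at `userInfo.Claims(&claims)` are accepted without checking that the userinfo response is for the same subject as the ID token, even though `idToken.Subject` is in scope (it is what `UserID` is set from further down). OIDC Core §5.3.2 requires the userinfo `sub` to exactly match the ID token `sub` and the response to be discarded otherwise; because this commit deliberately moves the fetch ahead of claim enforcement, a mismatched response would now feed the very claims being enforced. Adding `if userInfo.Subject != idToken.Subject { return identity, fmt.Errorf("oidc: userinfo subject %q does not match id token subject %q", userInfo.Subject, idToken.Subject) }` before the decode closes that gap, assuming the provider's UserInfo type exposes `Subject` as go-oidc's does. A short comment on the decode line would also help, e.g. `// userinfo values overwrite matching ID-token claims; fields absent from the response keep their ID-token values`, since that overlay behaviour is relied on but not stated. HandleCallback begins before and continues past this section.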