update oidc documentation and email claim err msg
Signed-off-by: Rui Yang <ruiya@vmware.com>
parent
41207ba265
commit
0494993326
2 changed files with 7 additions and 14 deletions
|
@ -78,28 +78,21 @@ connectors:
|
||||||
# promptType: consent
|
# promptType: consent
|
||||||
|
|
||||||
|
|
||||||
# Some providers return no standard claim that is different to
|
# Some providers return non-standard claims (eg. mail).
|
||||||
# claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
# Use claimMapping to map those claims to standard claims:
|
||||||
# Use claimMapping to specify custom claim names
|
# https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
||||||
|
# claimMapping can only map a non-standard claim to a standard one if it's not returned in the id_token.
|
||||||
claimMapping:
|
claimMapping:
|
||||||
# The set claim is used as user id.
|
|
||||||
# Default: sub
|
|
||||||
# user_id: nickname
|
|
||||||
|
|
||||||
# The set claim is used as user name.
|
|
||||||
# Default: name
|
|
||||||
# user_name: nickname
|
|
||||||
|
|
||||||
# The set claim is used as preferred username.
|
# The set claim is used as preferred username.
|
||||||
# Default: preferred_username
|
# Default: preferred_username
|
||||||
# preferred_username: other_user_name
|
# preferred_username: other_user_name
|
||||||
|
|
||||||
# The set claim is used as email.
|
# The set claim is used as email.
|
||||||
# Default: "email"
|
# Default: email
|
||||||
# email: mail
|
# email: mail
|
||||||
|
|
||||||
# The set claim is used as groups.
|
# The set claim is used as groups.
|
||||||
# Default: "groups"
|
# Default: groups
|
||||||
# groups: "cognito:groups"
|
# groups: "cognito:groups"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -330,7 +330,7 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
|
||||||
}
|
}
|
||||||
|
|
||||||
if !found && hasEmailScope {
|
if !found && hasEmailScope {
|
||||||
return identity, fmt.Errorf("missing \"%s\" claim", emailKey)
|
return identity, fmt.Errorf("missing email claim, not found \"%s\" key", emailKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
emailVerified, found := claims["email_verified"].(bool)
|
emailVerified, found := claims["email_verified"].(bool)
|
||||||
|
|
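Review bot: The new error on the `!found && hasEmailScope` branch still hand-quotes the key with `\"%s\"`; `%q` is the idiomatic verb and also escapes unexpected characters if `emailKey` comes from operator-supplied configuration (presumably the `claimMapping.email` setting documented in the other file of this commit). Suggested line: `return identity, fmt.Errorf("missing email claim, not found %q key", emailKey)`. Separately, the unchanged context line `claims["email_verified"].(bool)` reports `found == false` for a provider that sends the value as a string, so it is worth confirming that the code after this hunk treats that case as unverified rather than skipping the check. `createIdentity` starts and ends outside the hunk, so that handling is not visible here.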