From 058202d007331d947f3f9934ce5cc9937bbee532 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Tue, 8 Sep 2020 13:12:53 -0400 Subject: [PATCH] revert changes for user id and user name Signed-off-by: Rui Yang --- Documentation/connectors/oidc.md | 10 +++++++++- connector/oidc/oidc.go | 24 ++---------------------- connector/oidc/oidc_test.go | 4 ++-- 3 files changed, 13 insertions(+), 25 deletions(-) diff --git a/Documentation/connectors/oidc.md b/Documentation/connectors/oidc.md index 6fd19184..e64cd2de 100644 --- a/Documentation/connectors/oidc.md +++ b/Documentation/connectors/oidc.md @@ -72,12 +72,20 @@ connectors: # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo # getUserInfo: true + # The set claim is used as user id. + # Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims + # Default: sub + # userIDKey: nickname + + # The set claim is used as user name. + # Default: name + # userNameKey: nickname + # For offline_access, the prompt parameter is set by default to "prompt=consent". # However this is not supported by all OIDC providers, some of them support different # value for prompt, like "prompt=login" or "prompt=none" # promptType: consent - # Some providers return non-standard claims (eg. mail). # Use claimMapping to map those claims to standard claims: # https://openid.net/specs/openid-connect-core-1_0.html#Claims diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index 4cc44ddb..b8e543d4 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go 
@@ -49,22 +49,14 @@ type Config struct { // id tokens GetUserInfo bool `json:"getUserInfo"` - // Deprecated: use UserIDKey in claimMapping instead UserIDKey string `json:"userIDKey"` - // Deprecated: use UserNameKey in claimMapping instead UserNameKey string `json:"userNameKey"` // PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent) PromptType string `json:"promptType"` ClaimMapping struct { - // Configurable key which contains the user id claim - UserIDKey string `json:"user_id"` // defaults to "sub" - - // Configurable key which contains the username claim - UserNameKey string `json:"user_name"` // defaults to "name" - // Configurable key which contains the preferred username claims PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username" @@ -138,18 +130,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e c.PromptType = "consent" } - // Backward compatibility - userIDKey := c.ClaimMapping.UserIDKey - if userIDKey == "" { - userIDKey = c.UserIDKey - } - - // Backward compatibility - userNameKey := c.ClaimMapping.UserNameKey - if userNameKey == "" { - userNameKey = c.UserNameKey - } - clientID := c.ClientID return &oidcConnector{ provider: provider, @@ -171,8 +151,8 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e insecureEnableGroups: c.InsecureEnableGroups, getUserInfo: c.GetUserInfo, promptType: c.PromptType, - userIDKey: userIDKey, - userNameKey: userNameKey, + userIDKey: c.UserIDKey, + userNameKey: c.UserNameKey, preferredUsernameKey: c.ClaimMapping.PreferredUsernameKey, emailKey: c.ClaimMapping.EmailKey, groupsKey: c.ClaimMapping.GroupsKey, diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go index 9d9bf751..ae92f70c 100644 --- a/connector/oidc/oidc_test.go +++ b/connector/oidc/oidc_test.go 
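Review bot: `UserIDKey` and `UserNameKey` in `Config` are left without any comment once the two `Deprecated:` lines are removed, and the choice of `userIDKey` is security-relevant. The value selects which claim becomes the connector's user ID. OpenID Connect only specifies `sub` as unique and never reassigned within an issuer. A claim such as `nickname`, the example given in the oidc.md hunk of this patch, is not guaranteed to be unique or stable, so two provider accounts could resolve to the same ID. I would add `// UserIDKey is the claim used as the user ID (default "sub"); it must be unique and immutable at the provider.` and `// UserNameKey is the claim used as the user name (default "name").` above the fields, and repeat the uniqueness caveat next to the `userIDKey` example in the docs.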
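Review bot: A configuration that still sets `claimMapping.user_id` or `claimMapping.user_name` is no longer honoured, because the fallback in `Open` and the two `ClaimMapping` fields are both removed; for such a config `userIDKey: c.UserIDKey` in the following hunk receives an empty value. Depending on how the config is decoded (not visible here), that is either a load failure or a silent return to the default claim, which would change the ID issued to every existing user of that connector. If the `claimMapping` form was ever released, I would keep both fields for a deprecation window and have `Open` return an error or log a warning when they are set. If it was never released, a sentence saying so in the commit message would settle the question. `Open` starts and ends outside these hunks.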
@@ -258,12 +258,12 @@ func TestHandleCallback(t *testing.T) { ClientSecret: "clientSecret", Scopes: scopes, RedirectURI: fmt.Sprintf("%s/callback", serverURL), + UserIDKey: tc.userIDKey, + UserNameKey: tc.userNameKey, InsecureSkipEmailVerified: tc.insecureSkipEmailVerified, InsecureEnableGroups: true, BasicAuthUnsupported: &basicAuth, } - config.ClaimMapping.UserIDKey = tc.userIDKey - config.ClaimMapping.UserNameKey = tc.userNameKey config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey config.ClaimMapping.EmailKey = tc.emailKey config.ClaimMapping.GroupsKey = tc.groupsKey