diff --git a/README.md b/README.md
index 05238b1b..5e18e515 100644
--- a/README.md
+++ b/README.md
@@ -71,7 +71,7 @@ Dex implements the following connectors:
 | [SAML 2.0](https://dexidp.io/docs/connectors/saml/) | no | yes | no | stable | WARNING: Unmaintained and likely vulnerable to auth bypasses ([#1884](https://github.com/dexidp/dex/discussions/1884)) |
 | [GitLab](https://dexidp.io/docs/connectors/gitlab/) | yes | yes | yes | beta | |
 | [OpenID Connect](https://dexidp.io/docs/connectors/oidc/) | yes | yes | yes | beta | Includes Salesforce, Azure, etc. |
-| [Generic OAuth 2.0](https://dexidp.io/docs/connectors/oauth.md) | no | yes | yes | beta | |
+| [OAuth 2.0](https://dexidp.io/docs/connectors/oauth/) | no | yes | yes | alpha | |
 | [Google](https://dexidp.io/docs/connectors/google/) | yes | yes | yes | alpha | |
 | [LinkedIn](https://dexidp.io/docs/connectors/linkedin/) | yes | no | no | beta | |
 | [Microsoft](https://dexidp.io/docs/connectors/microsoft/) | yes | yes | no | beta | |
@@ -81,7 +81,7 @@ Dex implements the following connectors:
 | [Atlassian Crowd](https://dexidp.io/docs/connectors/atlassiancrowd/) | yes | yes | yes * | beta | preferred_username claim must be configured through config |
 | [Gitea](https://dexidp.io/docs/connectors/gitea/) | yes | no | yes | alpha | |
 | [OpenStack Keystone](https://dexidp.io/docs/connectors/keystone/) | yes | yes | no | alpha | |
-| [Generic OAuth 2.0](https://dexidp.io/docs/connectors/oauth/) | no | yes | yes | alpha |
+| [Generic OAuth 2.0](https://dexidp.io/docs/connectors/oauth/) | no | yes | yes | alpha | |
 
 Stable, beta, and alpha are defined as:
 
diff --git a/connector/oauth/oauth.go b/connector/oauth/oauth.go
index ad83dad2..c709531e 100644
--- a/connector/oauth/oauth.go
+++ b/connector/oauth/oauth.go
@@ -65,6 +65,30 @@ type Config struct {
 func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
 var err error
 
+ if c.UserIDKey == "" {
+ c.UserIDKey = "id"
+ }
+
+ if c.ClaimMapping.UserNameKey == "" {
+ c.ClaimMapping.UserNameKey = "user_name"
+ }
+
+ if c.ClaimMapping.PreferredUsernameKey == "" {
+ c.ClaimMapping.PreferredUsernameKey = "preferred_username"
+ }
+
+ if c.ClaimMapping.GroupsKey == "" {
+ c.ClaimMapping.GroupsKey = "groups"
+ }
+
+ if c.ClaimMapping.EmailKey == "" {
+ c.ClaimMapping.EmailKey = "email"
+ }
+
+ if c.ClaimMapping.EmailVerifiedKey == "" {
+ c.ClaimMapping.EmailVerifiedKey = "email_verified"
+ }
+
 oauthConn := &oauthConnector{
 clientID: c.ClientID,
 clientSecret: c.ClientSecret,
@@ -181,36 +205,12 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
 return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err)
 }
 
- if c.userIDKey == "" {
- c.userIDKey = "id"
- }
-
 userID, found := userInfoResult[c.userIDKey].(string)
 if !found {
 return identity, fmt.Errorf("OAuth Connector: not found %v claim", c.userIDKey)
 }
 identity.UserID = userID
 
- if c.userNameKey == "" {
- c.userNameKey = "user_name"
- }
-
- if c.preferredUsernameKey == "" {
- c.preferredUsernameKey = "preferred_username"
- }
-
- if c.groupsKey == "" {
- c.groupsKey = "groups"
- }
-
- if c.emailKey == "" {
- c.emailKey = "email"
- }
-
- if c.emailVerifiedKey == "" {
- c.emailVerifiedKey = "email_verified"
- }
-
 identity.Username, _ = userInfoResult[c.userNameKey].(string)
 identity.PreferredUsername, _ = userInfoResult[c.preferredUsernameKey].(string)
 identity.Email, _ = userInfoResult[c.emailKey].(string)
diff --git a/docs/connectors/oauth.md b/docs/connectors/oauth.md
deleted file mode 100644
index d129bc5f..00000000
--- a/docs/connectors/oauth.md
+++ /dev/null
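Review bot: The defaults now live in Open, but the first hunk ends before the oauthConnector literal is finished, so it is not visible here whether `userIDKey`, `userNameKey`, `preferredUsernameKey`, `groupsKey`, `emailKey` and `emailVerifiedKey` are populated from `c.UserIDKey` / `c.ClaimMapping.*` after the defaults are applied; if any of them is copied before the defaults run or left unset, HandleCallback now reads an empty key (the per-request fallback on the old side is gone) and every identity field except UserID silently becomes empty, because those lookups discard the `ok` result. Open's body and the struct literal continue outside the hunk. The six identical `if x == "" { x = default }` blocks could be one small closure, which also makes the mutation of the caller-supplied *Config explicit and easy to spot. Since the README row now points at a site page and docs/connectors/oauth.md is deleted, a doc comment on each key field stating its default (`// UserIDKey names the userinfo claim used as the user ID; defaults to "id".`) would keep the defaults discoverable from the code.
```go
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
	var err error

	// Fill in every claim key that was not configured, so HandleCallback
	// never looks up an empty key. Note this mutates the caller's Config.
	setDefault := func(v *string, d string) {
		if *v == "" {
			*v = d
		}
	}
	setDefault(&c.UserIDKey, "id")
	setDefault(&c.ClaimMapping.UserNameKey, "user_name")
	setDefault(&c.ClaimMapping.PreferredUsernameKey, "preferred_username")
	setDefault(&c.ClaimMapping.GroupsKey, "groups")
	setDefault(&c.ClaimMapping.EmailKey, "email")
	setDefault(&c.ClaimMapping.EmailVerifiedKey, "email_verified")

	// … unchanged: oauthConnector literal and the rest of Open …
```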
@@ -1,64 +0,0 @@ -# Authentication using Generic OAuth 2.0 provider - -## Overview - -Dex users can make use of this connector to work with standards-compliant [OAuth 2.0](https://oauth.net/2/) authorization provider, in case of that authorization provider is not in the Dex connectors list. - -## Configuration - -The following is an example of a configuration for using OAuth connector with Reddit. - -```yaml -connectors: -- type: oauth - # ID of OAuth 2.0 provider - id: reddit - # Name of OAuth 2.0 provider - name: reddit - config: - # Connector config values starting with a "$" will read from the environment. - clientID: $REDDIT_CLIENT_ID - clientSecret: $REDDIT_CLIENT_SECRET - redirectURI: http://127.0.0.1:5556/callback - - tokenURL: https://www.reddit.com/api/v1/access_token - authorizationURL: https://www.reddit.com/api/v1/authorize - userInfoURL: https: https://www.reddit.com/api/v1/me - - # Optional: Specify whether to communicate to Auth provider without validating SSL certificates - # insecureSkipVerify: false - - # Optional: The location of file containing SSL certificates to commmunicate to Auth provider - # rootCAs: /etc/ssl/reddit.pem - - # Optional: List of scopes to request Auth provider for access user account - # scopes: - # - identity - - # Optional: Configurable keys for user ID look up - # Default: id - # userIDKey: - - # Auth roviders return non-standard user identity profile - # Use claimMapping to map those user infomations to standard claims: - claimMapping: - # Optional: Configurable keys for user name look up - # Default: user_name - # userNameKey: - - # Optional: Configurable keys for preferred username look up - # Default: preferred_username - # preferredUsernameKey: - - # Optional: Configurable keys for user groups look up - # Default: groups - # groupsKey: - - # Optional: Configurable keys for email look up - # Default: email - # emailKey: - - # Optional: Configurable keys for email verified look up - # Default: email_verified - # 
emailVerifiedKey: -```