Merge pull request #1545 from jacksontj/getUserInfo

Run getUserInfo prior to claim enforcement
Nándor István Krácser 2019-10-30 13:26:18 +01:00 committed by GitHub
commit f2590ee07d


@ -213,6 +213,17 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
}
// We immediately want to run getUserInfo if configured before we validate the claims
if c.getUserInfo {
userInfo, err := c.provider.UserInfo(r.Context(), oauth2.StaticTokenSource(token))
if err != nil {
return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
}
if err := userInfo.Claims(&claims); err != nil {
return identity, fmt.Errorf("oidc: failed to decode userinfo claims: %v", err)
}
}
userNameKey := "name"
if c.userNameKey != "" {
userNameKey = c.userNameKey
@ -249,16 +260,6 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
}
}
if c.getUserInfo {
userInfo, err := c.provider.UserInfo(r.Context(), oauth2.StaticTokenSource(token))
if err != nil {
return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
}
if err := userInfo.Claims(&claims); err != nil {
return identity, fmt.Errorf("oidc: failed to decode userinfo claims: %v", err)
}
}
identity = connector.Identity{
UserID: idToken.Subject,
Username: name,
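Review bot: The relocated userinfo block (first hunk, `userInfo.Claims(&claims)`) still decodes the userinfo response over the same `claims` value that was just filled from the ID token, without checking that the userinfo `sub` matches `idToken.Subject`, which is the subject the identity is later built from. Because the claim checks that follow now run on the merged values, a userinfo response for a different subject would have its attributes attached to this token's `UserID` and pass whatever enforcement comes next. Add the comparison before decoding: `if userInfo.Subject != idToken.Subject {` / `return identity, fmt.Errorf("oidc: userinfo subject %q does not match id token subject %q", userInfo.Subject, idToken.Subject)` / `}`. The same block exists in the second hunk only as removed history, and HandleCallback begins and ends outside both hunks, so where `claims` is declared and which claims are enforced afterwards cannot be confirmed from here.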