Merge pull request #1545 from jacksontj/getUserInfo
Run getUserInfo prior to claim enforcement
This commit is contained in:
commit
f2590ee07d
1 changed files with 11 additions and 10 deletions
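--- a/<PATH-NOT-SHOWN-ON-PAGE>
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -213,6 +213,17 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
 }
 
+// We immediately want to run getUserInfo if configured before we validate the claims
+if c.getUserInfo {
+userInfo, err := c.provider.UserInfo(r.Context(), oauth2.StaticTokenSource(token))
+if err != nil {
+return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
+}
+if err := userInfo.Claims(&claims); err != nil {
+return identity, fmt.Errorf("oidc: failed to decode userinfo claims: %v", err)
+}
+}
+
 userNameKey := "name"
 if c.userNameKey != "" {
 userNameKey = c.userNameKey
@@ -249,16 +260,6 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 }
 }
 
-if c.getUserInfo {
-userInfo, err := c.provider.UserInfo(r.Context(), oauth2.StaticTokenSource(token))
-if err != nil {
-return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
-}
-if err := userInfo.Claims(&claims); err != nil {
-return identity, fmt.Errorf("oidc: failed to decode userinfo claims: %v", err)
-}
-}
-
 identity = connector.Identity{
 UserID: idToken.Subject,
 Username: name,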
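Review bot: Decoding the userinfo response into the same `claims` value that already holds the ID-token claims (the `userInfo.Claims(&claims)` line in the first hunk) lets any field present in the userinfo document overwrite what the verified ID token said, and nothing in either hunk checks that the userinfo response belongs to the same subject as the ID token before the merged claims feed the checks that follow. OIDC Core §5.3.2 requires the client to confirm that the userinfo `sub` matches the ID token `sub`, so a guard such as `if userInfo.Subject != idToken.Subject { return identity, fmt.Errorf("oidc: userinfo subject %q does not match id token subject %q", userInfo.Subject, idToken.Subject) }` belongs directly after the `UserInfo` error check (go-oidc's `UserInfo` type exposes a `Subject` field; confirm that holds for the version vendored here). The added comment would also be clearer about why the move matters: `// Fetch userinfo (when configured) before the claim checks below so that claims present only in the userinfo response are subject to the same enforcement.` HandleCallback begins before the first hunk and the claim checks this block feeds continue after it.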