update oidc documentation and email claim err msg

Signed-off-by: Rui Yang <ruiya@vmware.com>

update oidc documentation and email claim err msg
04949933 · Rui Yang · 41207ba2 · 04949933 · 04949933
Commit 04949933 authored 4 years ago by Rui Yang
--- a/Documentation/connectors/oidc.md
+++ b/Documentation/connectors/oidc.md
@@ -78,28 +78,21 @@ connectors:
    # promptType: consent
-    # Some providers return no standard claim that is different to 
+    # Some providers return non-standard claims (eg. mail).
-    # claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
+    # Use claimMapping to map those claims to standard claims:
-    # Use claimMapping to specify custom claim names
+    # https://openid.net/specs/openid-connect-core-1_0.html#Claims
+    # claimMapping can only map a non-standard claim to a standard one if it's not returned in the id_token.
    claimMapping:
-      # The set claim is used as user id.
-      # Default: sub
-      # user_id: nickname
-      # The set claim is used as user name.
-      # Default: name
-      # user_name: nickname
      # The set claim is used as preferred username.
      # Default: preferred_username
      # preferred_username: other_user_name
      # The set claim is used as email.
-      # Default: "email"
+      # Default: email
      # email: mail
      # The set claim is used as groups.
-      # Default: "groups"
+      # Default: groups
      # groups: "cognito:groups"
 ```

--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -330,7 +330,7 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
 	}
 	if !found && hasEmailScope {
-		return identity, fmt.Errorf("missing \"%s\" claim", emailKey)
+		return identity, fmt.Errorf("missing email claim, not found \"%s\" key", emailKey)
 	}
 	emailVerified, found := claims["email_verified"].(bool)