From 058202d007331d947f3f9934ce5cc9937bbee532 Mon Sep 17 00:00:00 2001
From: Rui Yang <ruiya@vmware.com>
Date: Tue, 8 Sep 2020 13:12:53 -0400
Subject: [PATCH] revert changes for user id and user name

Signed-off-by: Rui Yang <ruiya@vmware.com>
---
 Documentation/connectors/oidc.md | 10 +++++++++-
 connector/oidc/oidc.go           | 24 ++----------------------
 connector/oidc/oidc_test.go      |  4 ++--
 3 files changed, 13 insertions(+), 25 deletions(-)

diff --git a/Documentation/connectors/oidc.md b/Documentation/connectors/oidc.md
index 6fd19184..e64cd2de 100644
--- a/Documentation/connectors/oidc.md
+++ b/Documentation/connectors/oidc.md
@@ -72,12 +72,20 @@ connectors:
     # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
     # getUserInfo: true
 
+    # The set claim is used as user id.
+    # Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
+    # Default: sub
+    # userIDKey: nickname
+
+    # The set claim is used as user name.
+    # Default: name
+    # userNameKey: nickname
+
     # For offline_access, the prompt parameter is set by default to "prompt=consent". 
     # However this is not supported by all OIDC providers, some of them support different
     # value for prompt, like "prompt=login" or "prompt=none"
     # promptType: consent
 
-
     # Some providers return non-standard claims (eg. mail).
     # Use claimMapping to map those claims to standard claims:
     # https://openid.net/specs/openid-connect-core-1_0.html#Claims
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 4cc44ddb..b8e543d4 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -49,22 +49,14 @@ type Config struct {
 	// id tokens
 	GetUserInfo bool `json:"getUserInfo"`
 
-	// Deprecated: use UserIDKey in claimMapping instead
 	UserIDKey string `json:"userIDKey"`
 
-	// Deprecated: use UserNameKey in claimMapping instead
 	UserNameKey string `json:"userNameKey"`
 
 	// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
 	PromptType string `json:"promptType"`
 
 	ClaimMapping struct {
-		// Configurable key which contains the user id claim
-		UserIDKey string `json:"user_id"` // defaults to "sub"
-
-		// Configurable key which contains the username claim
-		UserNameKey string `json:"user_name"` // defaults to "name"
-
 		// Configurable key which contains the preferred username claims
 		PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
 
@@ -138,18 +130,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		c.PromptType = "consent"
 	}
 
-	// Backward compatibility
-	userIDKey := c.ClaimMapping.UserIDKey
-	if userIDKey == "" {
-		userIDKey = c.UserIDKey
-	}
-
-	// Backward compatibility
-	userNameKey := c.ClaimMapping.UserNameKey
-	if userNameKey == "" {
-		userNameKey = c.UserNameKey
-	}
-
 	clientID := c.ClientID
 	return &oidcConnector{
 		provider:    provider,
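Review bot: With the fallback block removed here, a config that still sets `claimMapping.user_id` or `claimMapping.user_name` is no longer read, and because the first hunk also drops those fields from `Config`, nothing in `Open` can notice. If the config loader tolerates unknown JSON keys (not visible in this patch), such a deployment would silently fall back to the default ID claim after upgrade, changing which identity existing users map to. If those keys ever shipped in a release, I would keep the two `ClaimMapping` fields for one more release and have `Open` fail fast when either is non-empty, e.g. `return nil, errors.New("oidc: claimMapping.user_id is no longer supported; use userIDKey")`. `Open` begins and ends outside this hunk.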
@@ -171,8 +151,8 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		insecureEnableGroups:      c.InsecureEnableGroups,
 		getUserInfo:               c.GetUserInfo,
 		promptType:                c.PromptType,
-		userIDKey:                 userIDKey,
-		userNameKey:               userNameKey,
+		userIDKey:                 c.UserIDKey,
+		userNameKey:               c.UserNameKey,
 		preferredUsernameKey:      c.ClaimMapping.PreferredUsernameKey,
 		emailKey:                  c.ClaimMapping.EmailKey,
 		groupsKey:                 c.ClaimMapping.GroupsKey,
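Review bot: `userIDKey: c.UserIDKey` wires an operator-chosen claim name straight into the connector, and the `Config` fields it comes from (first hunk) are left with no doc comment once the `Deprecated:` lines are removed. Since this claim becomes the user's identity, the constraint belongs on the field: `// UserIDKey is the claim used as the user ID (default "sub"); it must be unique and never reassigned by the provider.` The `nickname` example added to oidc.md in this patch is a claim that OIDC Core does not guarantee to be unique or stable, so two provider accounts could collide on one identity; a different example would be safer. The struct literal continues outside the hunk.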
diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go
index 9d9bf751..ae92f70c 100644
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -258,12 +258,12 @@ func TestHandleCallback(t *testing.T) {
 				ClientSecret:              "clientSecret",
 				Scopes:                    scopes,
 				RedirectURI:               fmt.Sprintf("%s/callback", serverURL),
+				UserIDKey:                 tc.userIDKey,
+				UserNameKey:               tc.userNameKey,
 				InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
 				InsecureEnableGroups:      true,
 				BasicAuthUnsupported:      &basicAuth,
 			}
-			config.ClaimMapping.UserIDKey = tc.userIDKey
-			config.ClaimMapping.UserNameKey = tc.userNameKey
 			config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
 			config.ClaimMapping.EmailKey = tc.emailKey
 			config.ClaimMapping.GroupsKey = tc.groupsKey
-- 
GitLab