Skip to content
Snippets Groups Projects
Commit 8c1716d3 authored by flarno11's avatar flarno11
Browse files

make userName configurable

parent dfb2dfd3
No related branches found
No related tags found
No related merge requests found
...@@ -71,7 +71,11 @@ connectors: ...@@ -71,7 +71,11 @@ connectors:
# Default: sub # Default: sub
# Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims # Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
# #
# userIdKey: nickname # userIDKey: nickname
# The set claim is used as user name.
# Default: name
# userNameKey: nickname
``` ```
[oidc-doc]: openid-connect.md [oidc-doc]: openid-connect.md
......
...@@ -47,6 +47,9 @@ type Config struct { ...@@ -47,6 +47,9 @@ type Config struct {
// Configurable key which contains the user id claim // Configurable key which contains the user id claim
UserIDKey string `json:"userIDKey"` UserIDKey string `json:"userIDKey"`
// Configurable key which contains the user name claim
UserNameKey string `json:"userNameKey"`
} }
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
...@@ -131,6 +134,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e ...@@ -131,6 +134,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
insecureSkipEmailVerified: c.InsecureSkipEmailVerified, insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
getUserInfo: c.GetUserInfo, getUserInfo: c.GetUserInfo,
userIDKey: c.UserIDKey, userIDKey: c.UserIDKey,
userNameKey: c.UserNameKey,
}, nil }, nil
} }
...@@ -151,6 +155,7 @@ type oidcConnector struct { ...@@ -151,6 +155,7 @@ type oidcConnector struct {
insecureSkipEmailVerified bool insecureSkipEmailVerified bool
getUserInfo bool getUserInfo bool
userIDKey string userIDKey string
userNameKey string
} }
func (c *oidcConnector) Close() error { func (c *oidcConnector) Close() error {
...@@ -209,9 +214,13 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide ...@@ -209,9 +214,13 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
return identity, fmt.Errorf("oidc: failed to decode claims: %v", err) return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
} }
name, found := claims["name"].(string) userNameKey := "name"
if c.userNameKey != "" {
userNameKey = c.userNameKey
}
name, found := claims[userNameKey].(string)
if !found { if !found {
return identity, errors.New("missing \"name\" claim") return identity, fmt.Errorf("missing \"%s\" claim", userNameKey)
} }
email, found := claims["email"].(string) email, found := claims["email"].(string)
if !found { if !found {
......
...@@ -47,14 +47,18 @@ func TestHandleCallback(t *testing.T) { ...@@ -47,14 +47,18 @@ func TestHandleCallback(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
userIDKey string userIDKey string
userNameKey string
insecureSkipEmailVerified bool insecureSkipEmailVerified bool
expectUserID string expectUserID string
expectUserName string
token map[string]interface{} token map[string]interface{}
}{ }{
{ {
name: "simpleCase", name: "simpleCase",
userIDKey: "", // not configured userIDKey: "", // not configured
expectUserID: "subvalue", userNameKey: "", // not configured
expectUserID: "subvalue",
expectUserName: "namevalue",
token: map[string]interface{}{ token: map[string]interface{}{
"sub": "subvalue", "sub": "subvalue",
"name": "namevalue", "name": "namevalue",
...@@ -66,6 +70,7 @@ func TestHandleCallback(t *testing.T) { ...@@ -66,6 +70,7 @@ func TestHandleCallback(t *testing.T) {
name: "email_verified not in claims, configured to be skipped", name: "email_verified not in claims, configured to be skipped",
insecureSkipEmailVerified: true, insecureSkipEmailVerified: true,
expectUserID: "subvalue", expectUserID: "subvalue",
expectUserName: "namevalue",
token: map[string]interface{}{ token: map[string]interface{}{
"sub": "subvalue", "sub": "subvalue",
"name": "namevalue", "name": "namevalue",
...@@ -73,9 +78,10 @@ func TestHandleCallback(t *testing.T) { ...@@ -73,9 +78,10 @@ func TestHandleCallback(t *testing.T) {
}, },
}, },
{ {
name: "withUserIDKey", name: "withUserIDKey",
userIDKey: "name", userIDKey: "name",
expectUserID: "namevalue", expectUserID: "namevalue",
expectUserName: "namevalue",
token: map[string]interface{}{ token: map[string]interface{}{
"sub": "subvalue", "sub": "subvalue",
"name": "namevalue", "name": "namevalue",
...@@ -83,6 +89,18 @@ func TestHandleCallback(t *testing.T) { ...@@ -83,6 +89,18 @@ func TestHandleCallback(t *testing.T) {
"email_verified": true, "email_verified": true,
}, },
}, },
{
name: "withUserNameKey",
userNameKey: "user_name",
expectUserID: "subvalue",
expectUserName: "username",
token: map[string]interface{}{
"sub": "subvalue",
"user_name": "username",
"email": "emailvalue",
"email_verified": true,
},
},
} }
for _, tc := range tests { for _, tc := range tests {
...@@ -100,6 +118,7 @@ func TestHandleCallback(t *testing.T) { ...@@ -100,6 +118,7 @@ func TestHandleCallback(t *testing.T) {
Scopes: []string{"groups"}, Scopes: []string{"groups"},
RedirectURI: fmt.Sprintf("%s/callback", serverURL), RedirectURI: fmt.Sprintf("%s/callback", serverURL),
UserIDKey: tc.userIDKey, UserIDKey: tc.userIDKey,
UserNameKey: tc.userNameKey,
InsecureSkipEmailVerified: tc.insecureSkipEmailVerified, InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
} }
...@@ -119,7 +138,7 @@ func TestHandleCallback(t *testing.T) { ...@@ -119,7 +138,7 @@ func TestHandleCallback(t *testing.T) {
} }
expectEquals(t, identity.UserID, tc.expectUserID) expectEquals(t, identity.UserID, tc.expectUserID)
expectEquals(t, identity.Username, "namevalue") expectEquals(t, identity.Username, tc.expectUserName)
expectEquals(t, identity.Email, "emailvalue") expectEquals(t, identity.Email, "emailvalue")
expectEquals(t, identity.EmailVerified, true) expectEquals(t, identity.EmailVerified, true)
}) })
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment