Skip to content
Snippets Groups Projects
Commit f07a58a7 authored by Anthony Brandelli's avatar Anthony Brandelli
Browse files

Remove google specific hd / hosted domain claim config 


Signed-off-by: default avatarAnthony Brandelli <abrandel@cisco.com>
parent 453504c4
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 28 deletions
connector/oidc/oidc.go
+ 0
28
View file @ f07a58a7
...@@ -34,10 +34,6 @@ type Config struct { ...@@ -34,10 +34,6 @@ type Config struct {
Scopes []string `json:"scopes"` // defaults to "profile" and "email" Scopes []string `json:"scopes"` // defaults to "profile" and "email"
// Optional list of whitelisted domains when using Google
// If this field is nonempty, only users from a listed domain will be allowed to log in
HostedDomains []string `json:"hostedDomains"`
// Override the value of email_verified to true in the returned claims // Override the value of email_verified to true in the returned claims
InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"` InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"`
...@@ -156,7 +152,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e ...@@ -156,7 +152,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
), ),
logger: logger, logger: logger,
cancel: cancel, cancel: cancel,
hostedDomains: c.HostedDomains,
insecureSkipEmailVerified: c.InsecureSkipEmailVerified, insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
insecureEnableGroups: c.InsecureEnableGroups, insecureEnableGroups: c.InsecureEnableGroups,
acrValues: c.AcrValues, acrValues: c.AcrValues,
...@@ -183,7 +178,6 @@ type oidcConnector struct { ...@@ -183,7 +178,6 @@ type oidcConnector struct {
verifier *oidc.IDTokenVerifier verifier *oidc.IDTokenVerifier
cancel context.CancelFunc cancel context.CancelFunc
logger log.Logger logger log.Logger
hostedDomains []string
insecureSkipEmailVerified bool insecureSkipEmailVerified bool
insecureEnableGroups bool insecureEnableGroups bool
acrValues []string acrValues []string
...@@ -208,13 +202,6 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string) ...@@ -208,13 +202,6 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
} }
var opts []oauth2.AuthCodeOption var opts []oauth2.AuthCodeOption
if len(c.hostedDomains) > 0 {
preferredDomain := c.hostedDomains[0]
if len(c.hostedDomains) > 1 {
preferredDomain = "*"
}
opts = append(opts, oauth2.SetAuthURLParam("hd", preferredDomain))
}
if len(c.acrValues) > 0 { if len(c.acrValues) > 0 {
acrValues := strings.Join(c.acrValues, " ") acrValues := strings.Join(c.acrValues, " ")
...@@ -361,21 +348,6 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I ...@@ -361,21 +348,6 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
} }
} }
hostedDomain, _ := claims["hd"].(string)
if len(c.hostedDomains) > 0 {
found := false
for _, domain := range c.hostedDomains {
if hostedDomain == domain {
found = true
break
}
}
if !found {
return identity, fmt.Errorf("oidc: unexpected hd claim %v", hostedDomain)
}
}
cd := connectorData{ cd := connectorData{
RefreshToken: []byte(token.RefreshToken), RefreshToken: []byte(token.RefreshToken),
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment