revert changes for user id and user name

Signed-off-by: Rui Yang <ruiya@vmware.com>
This commit is contained in:
Rui Yang 2020-09-08 13:12:53 -04:00
parent 0494993326
commit 058202d007
3 changed files with 13 additions and 25 deletions

View File

@ -72,12 +72,20 @@ connectors:
# https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
# getUserInfo: true
# The set claim is used as user id.
# Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
# Default: sub
# userIDKey: nickname
# The set claim is used as user name.
# Default: name
# userNameKey: nickname
# For offline_access, the prompt parameter is set by default to "prompt=consent".
# However this is not supported by all OIDC providers, some of them support different
# value for prompt, like "prompt=login" or "prompt=none"
# promptType: consent
# Some providers return non-standard claims (eg. mail).
# Use claimMapping to map those claims to standard claims:
# https://openid.net/specs/openid-connect-core-1_0.html#Claims

View File

@ -49,22 +49,14 @@ type Config struct {
// id tokens
GetUserInfo bool `json:"getUserInfo"`
// Deprecated: use UserIDKey in claimMapping instead
UserIDKey string `json:"userIDKey"`
// Deprecated: use UserNameKey in claimMapping instead
UserNameKey string `json:"userNameKey"`
// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
PromptType string `json:"promptType"`
ClaimMapping struct {
// Configurable key which contains the user id claim
UserIDKey string `json:"user_id"` // defaults to "sub"
// Configurable key which contains the username claim
UserNameKey string `json:"user_name"` // defaults to "name"
// Configurable key which contains the preferred username claims
PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
@ -138,18 +130,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
c.PromptType = "consent"
}
// Backward compatibility
userIDKey := c.ClaimMapping.UserIDKey
if userIDKey == "" {
userIDKey = c.UserIDKey
}
// Backward compatibility
userNameKey := c.ClaimMapping.UserNameKey
if userNameKey == "" {
userNameKey = c.UserNameKey
}
clientID := c.ClientID
return &oidcConnector{
provider: provider,
@ -171,8 +151,8 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
insecureEnableGroups: c.InsecureEnableGroups,
getUserInfo: c.GetUserInfo,
promptType: c.PromptType,
userIDKey: userIDKey,
userNameKey: userNameKey,
userIDKey: c.UserIDKey,
userNameKey: c.UserNameKey,
preferredUsernameKey: c.ClaimMapping.PreferredUsernameKey,
emailKey: c.ClaimMapping.EmailKey,
groupsKey: c.ClaimMapping.GroupsKey,

View File

@ -258,12 +258,12 @@ func TestHandleCallback(t *testing.T) {
ClientSecret: "clientSecret",
Scopes: scopes,
RedirectURI: fmt.Sprintf("%s/callback", serverURL),
UserIDKey: tc.userIDKey,
UserNameKey: tc.userNameKey,
InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
InsecureEnableGroups: true,
BasicAuthUnsupported: &basicAuth,
}
config.ClaimMapping.UserIDKey = tc.userIDKey
config.ClaimMapping.UserNameKey = tc.userNameKey
config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
config.ClaimMapping.EmailKey = tc.emailKey
config.ClaimMapping.GroupsKey = tc.groupsKey