revert changes for user id and user name

Signed-off-by: Rui Yang <ruiya@vmware.com>
Rui Yang 2020-09-08 13:12:53 -04:00
parent 0494993326
commit 058202d007
3 changed files with 13 additions and 25 deletions


@ -72,12 +72,20 @@ connectors:
# https://openid.net/specs/openid-connect-core-1_0.html#UserInfo # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
# getUserInfo: true # getUserInfo: true
# The set claim is used as user id.
# Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
# Default: sub
# userIDKey: nickname
# The set claim is used as user name.
# Default: name
# userNameKey: nickname
# For offline_access, the prompt parameter is set by default to "prompt=consent". # For offline_access, the prompt parameter is set by default to "prompt=consent".
# However this is not supported by all OIDC providers, some of them support different # However this is not supported by all OIDC providers, some of them support different
# value for prompt, like "prompt=login" or "prompt=none" # value for prompt, like "prompt=login" or "prompt=none"
# promptType: consent # promptType: consent
# Some providers return non-standard claims (eg. mail). # Some providers return non-standard claims (eg. mail).
# Use claimMapping to map those claims to standard claims: # Use claimMapping to map those claims to standard claims:
# https://openid.net/specs/openid-connect-core-1_0.html#Claims # https://openid.net/specs/openid-connect-core-1_0.html#Claims
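Review bot: The example `# userIDKey: nickname` points readers at a claim that OIDC does not guarantee to be unique or stable; the Core spec gives that guarantee only for `sub` together with the issuer, and many providers let users edit `nickname`. Because the configured claim becomes the user id, a copied example could make two accounts resolve to the same identity or change a user's identity after a profile edit. I would add a caveat next to the option, e.g. `# Only use a claim the provider guarantees to be unique and never reassigned; "sub" is the safe default.`, and avoid `nickname` as the sample value for `userIDKey`.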


@ -49,22 +49,14 @@ type Config struct {
// id tokens // id tokens
GetUserInfo bool `json:"getUserInfo"` GetUserInfo bool `json:"getUserInfo"`
// Deprecated: use UserIDKey in claimMapping instead
UserIDKey string `json:"userIDKey"` UserIDKey string `json:"userIDKey"`
// Deprecated: use UserNameKey in claimMapping instead
UserNameKey string `json:"userNameKey"` UserNameKey string `json:"userNameKey"`
// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent) // PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
PromptType string `json:"promptType"` PromptType string `json:"promptType"`
ClaimMapping struct { ClaimMapping struct {
// Configurable key which contains the user id claim
UserIDKey string `json:"user_id"` // defaults to "sub"
// Configurable key which contains the username claim
UserNameKey string `json:"user_name"` // defaults to "name"
// Configurable key which contains the preferred username claims // Configurable key which contains the preferred username claims
PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username" PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
@ -138,18 +130,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
c.PromptType = "consent" c.PromptType = "consent"
} }
// Backward compatibility
userIDKey := c.ClaimMapping.UserIDKey
if userIDKey == "" {
userIDKey = c.UserIDKey
}
// Backward compatibility
userNameKey := c.ClaimMapping.UserNameKey
if userNameKey == "" {
userNameKey = c.UserNameKey
}
clientID := c.ClientID clientID := c.ClientID
return &oidcConnector{ return &oidcConnector{
provider: provider, provider: provider,
@ -171,8 +151,8 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
insecureEnableGroups: c.InsecureEnableGroups, insecureEnableGroups: c.InsecureEnableGroups,
getUserInfo: c.GetUserInfo, getUserInfo: c.GetUserInfo,
promptType: c.PromptType, promptType: c.PromptType,
userIDKey: userIDKey, userIDKey: c.UserIDKey,
userNameKey: userNameKey, userNameKey: c.UserNameKey,
preferredUsernameKey: c.ClaimMapping.PreferredUsernameKey, preferredUsernameKey: c.ClaimMapping.PreferredUsernameKey,
emailKey: c.ClaimMapping.EmailKey, emailKey: c.ClaimMapping.EmailKey,
groupsKey: c.ClaimMapping.GroupsKey, groupsKey: c.ClaimMapping.GroupsKey,
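Review bot: `UserIDKey` and `UserNameKey` in `Config` are left without any doc comment once the `Deprecated:` lines are dropped, although they decide which claim the connector uses as user id and user name (`userIDKey: c.UserIDKey`, `userNameKey: c.UserNameKey`). I would add `// UserIDKey is the claim used as the user id (the example config documents "sub" as the default); choose a claim the provider guarantees to be unique and never reassigned.` and a matching line for `UserNameKey`. Separately, a config that already sets `claimMapping.user_id` or `claimMapping.user_name` will presumably have those keys ignored after this change, so the user id would fall back to the default without any error; a release note or a startup warning would make that visible. The `Config` struct and `Open` both continue outside the hunks shown, so how an empty key is defaulted cannot be confirmed from here.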


@ -258,12 +258,12 @@ func TestHandleCallback(t *testing.T) {
ClientSecret: "clientSecret", ClientSecret: "clientSecret",
Scopes: scopes, Scopes: scopes,
RedirectURI: fmt.Sprintf("%s/callback", serverURL), RedirectURI: fmt.Sprintf("%s/callback", serverURL),
UserIDKey: tc.userIDKey,
UserNameKey: tc.userNameKey,
InsecureSkipEmailVerified: tc.insecureSkipEmailVerified, InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
InsecureEnableGroups: true, InsecureEnableGroups: true,
BasicAuthUnsupported: &basicAuth, BasicAuthUnsupported: &basicAuth,
} }
config.ClaimMapping.UserIDKey = tc.userIDKey
config.ClaimMapping.UserNameKey = tc.userNameKey
config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
config.ClaimMapping.EmailKey = tc.emailKey config.ClaimMapping.EmailKey = tc.emailKey
config.ClaimMapping.GroupsKey = tc.groupsKey config.ClaimMapping.GroupsKey = tc.groupsKey