connector/oidc: fix hosted domain support.
parent
0e0b4c53ef
commit
5e0bf8b65f
@ -35,7 +35,7 @@ type Config struct {
|
|||||||
|
|
||||||
// Optional list of whitelisted domains when using Google
|
// Optional list of whitelisted domains when using Google
|
||||||
// If this field is nonempty, only users from a listed domain will be allowed to log in
|
// If this field is nonempty, only users from a listed domain will be allowed to log in
|
||||||
HostedDomains []string `json:"hostedDomain"`
|
HostedDomains []string `json:"hostedDomains"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
||||||
@ -198,7 +198,7 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
|
|||||||
if len(c.hostedDomains) > 0 {
|
if len(c.hostedDomains) > 0 {
|
||||||
found := false
|
found := false
|
||||||
for _, domain := range c.hostedDomains {
|
for _, domain := range c.hostedDomains {
|
||||||
if claims.HostedDomain != domain {
|
if claims.HostedDomain == domain {
|
||||||
found = true
|
found = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
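Review bot: Renaming the JSON key on `HostedDomains` from `hostedDomain` to `hostedDomains` in the Config hunk fails open for any existing config that still uses the old key. If the connector config is decoded with encoding/json defaults (not visible here), the unrecognised key is dropped and `HostedDomains` stays empty. The `if len(c.hostedDomains) > 0` guard in the HandleCallback hunk then skips the domain check and no domain restriction is applied. I would reject the old key with an explicit error when the connector is opened, or at minimum document it on the field: `// Key was "hostedDomain" before this change; a config still using it leaves this list empty and disables the domain check.` The corrected `claims.HostedDomain == domain` comparison also deserves a test with one matching and one non-matching domain; HandleCallback continues outside the hunk, so the handling of `found == false` cannot be checked from here.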
@ -67,7 +67,8 @@ connectors:
|
|||||||
# clientID: $GOOGLE_CLIENT_ID
|
# clientID: $GOOGLE_CLIENT_ID
|
||||||
# clientSecret: $GOOGLE_CLIENT_SECRET
|
# clientSecret: $GOOGLE_CLIENT_SECRET
|
||||||
# redirectURI: http://127.0.0.1:5556/dex/callback
|
# redirectURI: http://127.0.0.1:5556/dex/callback
|
||||||
# hostedDomain: $GOOGLE_HOSTED_DOMAIN
|
# hostedDomains:
|
||||||
|
# - $GOOGLE_HOSTED_DOMAIN
|
||||||
|
|
||||||
# Let dex keep a list of passwords which can be used to login to dex.
|
# Let dex keep a list of passwords which can be used to login to dex.
|
||||||
enablePasswordDB: true
|
enablePasswordDB: true
|
||||||
|