connector/oidc: fix hosted domain support.

This commit is contained in:
rithu john 2017-07-21 15:48:21 -07:00
parent 0e0b4c53ef
commit 5e0bf8b65f
2 changed files with 4 additions and 3 deletions

View File

@ -35,7 +35,7 @@ type Config struct {
// Optional list of whitelisted domains when using Google // Optional list of whitelisted domains when using Google
// If this field is nonempty, only users from a listed domain will be allowed to log in // If this field is nonempty, only users from a listed domain will be allowed to log in
HostedDomains []string `json:"hostedDomain"` HostedDomains []string `json:"hostedDomains"`
} }
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@ -198,7 +198,7 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
if len(c.hostedDomains) > 0 { if len(c.hostedDomains) > 0 {
found := false found := false
for _, domain := range c.hostedDomains { for _, domain := range c.hostedDomains {
if claims.HostedDomain != domain { if claims.HostedDomain == domain {
found = true found = true
break break
} }

View File

@ -67,7 +67,8 @@ connectors:
# clientID: $GOOGLE_CLIENT_ID # clientID: $GOOGLE_CLIENT_ID
# clientSecret: $GOOGLE_CLIENT_SECRET # clientSecret: $GOOGLE_CLIENT_SECRET
# redirectURI: http://127.0.0.1:5556/dex/callback # redirectURI: http://127.0.0.1:5556/dex/callback
# hostedDomain: $GOOGLE_HOSTED_DOMAIN # hostedDomains:
# - $GOOGLE_HOSTED_DOMAIN
# Let dex keep a list of passwords which can be used to login to dex. # Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB: true enablePasswordDB: true