connector/oidc: fix hosted domain support.
This commit is contained in:
parent
0e0b4c53ef
commit
5e0bf8b65f
@ -35,7 +35,7 @@ type Config struct {
|
||||
|
||||
// Optional list of whitelisted domains when using Google
|
||||
// If this field is nonempty, only users from a listed domain will be allowed to log in
|
||||
HostedDomains []string `json:"hostedDomain"`
|
||||
HostedDomains []string `json:"hostedDomains"`
|
||||
}
|
||||
|
||||
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
||||
@ -198,7 +198,7 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
|
||||
if len(c.hostedDomains) > 0 {
|
||||
found := false
|
||||
for _, domain := range c.hostedDomains {
|
||||
if claims.HostedDomain != domain {
|
||||
if claims.HostedDomain == domain {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
|
@ -67,7 +67,8 @@ connectors:
|
||||
# clientID: $GOOGLE_CLIENT_ID
|
||||
# clientSecret: $GOOGLE_CLIENT_SECRET
|
||||
# redirectURI: http://127.0.0.1:5556/dex/callback
|
||||
# hostedDomain: $GOOGLE_HOSTED_DOMAIN
|
||||
# hostedDomains:
|
||||
# - $GOOGLE_HOSTED_DOMAIN
|
||||
|
||||
# Let dex keep a list of passwords which can be used to login to dex.
|
||||
enablePasswordDB: true
|
||||
|
Reference in New Issue
Block a user