Add parameter configuration to override email claim key

Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-04-17 10:01:52 +02:00
parent 52c39fb130
commit 61312e726e
3 changed files with 34 additions and 2 deletions
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -52,6 +52,7 @@ func TestHandleCallback(t *testing.T) {
 		preferredUsernameKey      string
 		insecureSkipEmailVerified bool
 		scopes                    []string
+		emailClaim                string
 		expectUserID              string
 		expectUserName            string
 		expectPreferredUsername   string
@@ -72,6 +73,21 @@ func TestHandleCallback(t *testing.T) {
 				"email_verified": true,
 			},
 		},
+		{
+			name:               "customEmailClaim",
+			userIDKey:          "", // not configured
+			userNameKey:        "", // not configured
+			emailClaim:         "mail",
+			expectUserID:       "subvalue",
+			expectUserName:     "namevalue",
+			expectedEmailField: "emailvalue",
+			token: map[string]interface{}{
+				"sub":            "subvalue",
+				"name":           "namevalue",
+				"mail":           "emailvalue",
+				"email_verified": true,
+			},
+		},
 		{
 			name:                      "email_verified not in claims, configured to be skipped",
 			insecureSkipEmailVerified: true,
@@ -206,6 +222,7 @@ func TestHandleCallback(t *testing.T) {
 				UserIDKey:                 tc.userIDKey,
 				UserNameKey:               tc.userNameKey,
 				PreferredUsernameKey:      tc.preferredUsernameKey,
+				EmailClaim:                tc.emailClaim,
 				InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
 				BasicAuthUnsupported:      &basicAuth,
 			}