fix: Fallback when group claim is a string instead of an array of strings (#2639)

Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
Co-authored-by: Michiel van Pouderoijen <michiel@pouderoijen.nl>
This commit is contained in:
Joost Buskermolen 2022-08-25 10:55:30 +02:00 committed by GitHub
parent f90318ea1d
commit 72dd3c60c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 0 deletions

View File

@ -351,6 +351,11 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
vs, found = claims[groupsKey].([]interface{}) vs, found = claims[groupsKey].([]interface{})
} }
// Fallback when claims[groupsKey] is a string instead of an array of strings.
if g, b := claims[groupsKey].(string); b {
groups = []string{g}
}
if found { if found {
for _, v := range vs { for _, v := range vs {
if s, ok := v.(string); ok { if s, ok := v.(string); ok {

View File

@ -271,6 +271,22 @@ func TestHandleCallback(t *testing.T) {
"cognito:groups": []string{"group3", "group4"}, "cognito:groups": []string{"group3", "group4"},
}, },
}, },
{
name: "singularGroupResponseAsString",
userIDKey: "", // not configured
userNameKey: "", // not configured
expectUserID: "subvalue",
expectUserName: "namevalue",
expectGroups: []string{"group1"},
expectedEmailField: "emailvalue",
token: map[string]interface{}{
"sub": "subvalue",
"name": "namevalue",
"groups": "group1",
"email": "emailvalue",
"email_verified": true,
},
},
} }
for _, tc := range tests { for _, tc := range tests {