k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

Merge pull request #2511 from Blorpy/remove_hd_oidc

Browse Source 
Remove google specific hd / hosted domain claim config from oidc connector
This commit is contained in:
Maksim Nabokikh
2022-05-13 07:48:14 +04:00
committed by GitHub
parent 997ec94a4a f07a58a7f1
commit 9cd29bdee0
1 changed files with 0 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
connector/oidc/oidc.go
View File

@@ -34,10 +34,6 @@ type Config struct {
Scopes []string `json:"scopes"` // defaults to "profile" and "email"
// Optional list of whitelisted domains when using Google
// If this field is nonempty, only users from a listed domain will be allowed to log in
HostedDomains []string `json:"hostedDomains"`
// Override the value of email_verified to true in the returned claims
InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"`
@@ -156,7 +152,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
),
logger: logger,
cancel: cancel,
hostedDomains: c.HostedDomains,
insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
insecureEnableGroups: c.InsecureEnableGroups,
acrValues: c.AcrValues,
@@ -183,7 +178,6 @@ type oidcConnector struct {
verifier *oidc.IDTokenVerifier
cancel context.CancelFunc
logger log.Logger
hostedDomains []string
insecureSkipEmailVerified bool
insecureEnableGroups bool
acrValues []string
@@ -208,13 +202,6 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
}
var opts []oauth2.AuthCodeOption
if len(c.hostedDomains) > 0 {
preferredDomain := c.hostedDomains[0]
if len(c.hostedDomains) > 1 {
preferredDomain = "*"
}
opts = append(opts, oauth2.SetAuthURLParam("hd", preferredDomain))
}
if len(c.acrValues) > 0 {
acrValues := strings.Join(c.acrValues, " ")
@@ -361,21 +348,6 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
}
}
hostedDomain, _ := claims["hd"].(string)
if len(c.hostedDomains) > 0 {
found := false
for _, domain := range c.hostedDomains {
if hostedDomain == domain {
found = true
break
}
}
if !found {
return identity, fmt.Errorf("oidc: unexpected hd claim %v", hostedDomain)
}
}
cd := connectorData{
RefreshToken: []byte(token.RefreshToken),
}