Make oauth user name and user id configurable
Signed-off-by: Josh Winters <jwinters@pivotal.io> Co-authored-by: Mark Huang <mhuang@pivotal.io>
parent
9284ffb8c0
commit
a087c05ebf
@ -28,6 +28,8 @@ type oauthConnector struct {
|
|||||||
userInfoURL string
|
userInfoURL string
|
||||||
scopes []string
|
scopes []string
|
||||||
groupsKey string
|
groupsKey string
|
||||||
|
userIDKey string
|
||||||
|
userNameKey string
|
||||||
httpClient *http.Client
|
httpClient *http.Client
|
||||||
logger log.Logger
|
logger log.Logger
|
||||||
}
|
}
|
||||||
@ -45,6 +47,8 @@ type Config struct {
|
|||||||
UserInfoURL string `json:"userInfoURL"`
|
UserInfoURL string `json:"userInfoURL"`
|
||||||
Scopes []string `json:"scopes"`
|
Scopes []string `json:"scopes"`
|
||||||
GroupsKey string `json:"groupsKey"`
|
GroupsKey string `json:"groupsKey"`
|
||||||
|
UserIDKey string `json:"userIDKey"`
|
||||||
|
UserNameKey string `json:"userNameKey"`
|
||||||
RootCAs []string `json:"rootCAs"`
|
RootCAs []string `json:"rootCAs"`
|
||||||
InsecureSkipVerify bool `json:"insecureSkipVerify"`
|
InsecureSkipVerify bool `json:"insecureSkipVerify"`
|
||||||
}
|
}
|
||||||
@ -60,6 +64,8 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
|
|||||||
userInfoURL: c.UserInfoURL,
|
userInfoURL: c.UserInfoURL,
|
||||||
scopes: c.Scopes,
|
scopes: c.Scopes,
|
||||||
groupsKey: c.GroupsKey,
|
groupsKey: c.GroupsKey,
|
||||||
|
userIDKey: c.UserIDKey,
|
||||||
|
userNameKey: c.UserNameKey,
|
||||||
redirectURI: c.RedirectURI,
|
redirectURI: c.RedirectURI,
|
||||||
logger: logger,
|
logger: logger,
|
||||||
}
|
}
|
||||||
@ -165,17 +171,25 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
|
|||||||
return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err)
|
return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
identity.UserID, _ = userInfoResult["user_id"].(string)
|
if c.userIDKey == "" {
|
||||||
identity.Name, _ = userInfoResult["name"].(string)
|
c.userIDKey = "user_id"
|
||||||
identity.Username, _ = userInfoResult["user_name"].(string)
|
}
|
||||||
identity.Email, _ = userInfoResult["email"].(string)
|
|
||||||
identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)
|
if c.userNameKey == "" {
|
||||||
|
c.userNameKey = "user_name"
|
||||||
|
}
|
||||||
|
|
||||||
if s.Groups {
|
|
||||||
if c.groupsKey == "" {
|
if c.groupsKey == "" {
|
||||||
c.groupsKey = "groups"
|
c.groupsKey = "groups"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
identity.UserID, _ = userInfoResult[c.userIDKey].(string)
|
||||||
|
identity.Username, _ = userInfoResult[c.userNameKey].(string)
|
||||||
|
identity.Name, _ = userInfoResult["name"].(string)
|
||||||
|
identity.Email, _ = userInfoResult["email"].(string)
|
||||||
|
identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)
|
||||||
|
|
||||||
|
if s.Groups {
|
||||||
groups := map[string]bool{}
|
groups := map[string]bool{}
|
||||||
|
|
||||||
c.addGroupsFromMap(groups, userInfoResult)
|
c.addGroupsFromMap(groups, userInfoResult)
|
||||||
|
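Review bot: In HandleCallback the new `identity.UserID, _ = userInfoResult[c.userIDKey].(string)` discards the assertion result, so a mistyped `userIDKey`, a provider that omits the claim, or a non-string id all yield an identity with an empty UserID and no error. Now that the key is operator-configurable, a misconfiguration is a realistic way to reach this, and every such login would share the same empty subject; if userInfoResult is decoded by encoding/json, a numeric id arrives as float64 and fails the string assertion too. The callback should fail closed when the claim is absent or empty, as sketched below. Separately, the `c.userIDKey = "user_id"` and `c.userNameKey = "user_name"` defaults are written to the shared connector on the request path, which looks like a data race if callbacks run concurrently; setting the defaults once in `Open` would avoid that. HandleCallback's body starts and ends outside this hunk.

```go
// … unchanged: default key assignments …

userID, ok := userInfoResult[c.userIDKey].(string)
if !ok || userID == "" {
	return identity, fmt.Errorf("OAuth Connector: userinfo claim %q is missing or not a non-empty string", c.userIDKey)
}
identity.UserID = userID
identity.Username, _ = userInfoResult[c.userNameKey].(string)
// … unchanged: name, email, email_verified, groups …
```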
@ -72,8 +72,8 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
|
|||||||
|
|
||||||
userInfoClaims := map[string]interface{}{
|
userInfoClaims := map[string]interface{}{
|
||||||
"name": "test-name",
|
"name": "test-name",
|
||||||
"user_name": "test-username",
|
"user_id_key": "test-user-id",
|
||||||
"user_id": "test-user-id",
|
"user_name_key": "test-username",
|
||||||
"email": "test-email",
|
"email": "test-email",
|
||||||
"email_verified": true,
|
"email_verified": true,
|
||||||
"groups_key": []string{"admin-group", "user-group"},
|
"groups_key": []string{"admin-group", "user-group"},
|
||||||
@ -93,6 +93,7 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
|
|||||||
expectEqual(t, identity.Groups[0], "admin-group")
|
expectEqual(t, identity.Groups[0], "admin-group")
|
||||||
expectEqual(t, identity.Groups[1], "user-group")
|
expectEqual(t, identity.Groups[1], "user-group")
|
||||||
expectEqual(t, identity.Name, "test-name")
|
expectEqual(t, identity.Name, "test-name")
|
||||||
|
expectEqual(t, identity.UserID, "test-user-id")
|
||||||
expectEqual(t, identity.Username, "test-username")
|
expectEqual(t, identity.Username, "test-username")
|
||||||
expectEqual(t, identity.Email, "test-email")
|
expectEqual(t, identity.Email, "test-email")
|
||||||
expectEqual(t, identity.EmailVerified, true)
|
expectEqual(t, identity.EmailVerified, true)
|
||||||
@ -106,8 +107,8 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
|
|||||||
|
|
||||||
userInfoClaims := map[string]interface{}{
|
userInfoClaims := map[string]interface{}{
|
||||||
"name": "test-name",
|
"name": "test-name",
|
||||||
"user_name": "test-username",
|
"user_id_key": "test-user-id",
|
||||||
"user_id": "test-user-id",
|
"user_name_key": "test-username",
|
||||||
"email": "test-email",
|
"email": "test-email",
|
||||||
"email_verified": true,
|
"email_verified": true,
|
||||||
}
|
}
|
||||||
@ -124,6 +125,7 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
|
|||||||
expectEqual(t, len(identity.Groups), 1)
|
expectEqual(t, len(identity.Groups), 1)
|
||||||
expectEqual(t, identity.Groups[0], "test-group")
|
expectEqual(t, identity.Groups[0], "test-group")
|
||||||
expectEqual(t, identity.Name, "test-name")
|
expectEqual(t, identity.Name, "test-name")
|
||||||
|
expectEqual(t, identity.UserID, "test-user-id")
|
||||||
expectEqual(t, identity.Username, "test-username")
|
expectEqual(t, identity.Username, "test-username")
|
||||||
expectEqual(t, identity.Email, "test-email")
|
expectEqual(t, identity.Email, "test-email")
|
||||||
expectEqual(t, identity.EmailVerified, true)
|
expectEqual(t, identity.EmailVerified, true)
|
||||||
@ -197,6 +199,8 @@ func newConnector(t *testing.T, serverURL string) *oauthConnector {
|
|||||||
UserInfoURL: serverURL + "/userinfo",
|
UserInfoURL: serverURL + "/userinfo",
|
||||||
Scopes: []string{"openid", "groups"},
|
Scopes: []string{"openid", "groups"},
|
||||||
GroupsKey: "groups_key",
|
GroupsKey: "groups_key",
|
||||||
|
UserIDKey: "user_id_key",
|
||||||
|
UserNameKey: "user_name_key",
|
||||||
}
|
}
|
||||||
|
|
||||||
log := logrus.New()
|
log := logrus.New()
|
||||||
|
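Review bot: Both callback tests now use only the custom `user_id_key` / `user_name_key` claims, and `newConnector` always sets `UserIDKey` and `UserNameKey`, so the fallback to `"user_id"` and `"user_name"` when the config leaves them empty is no longer exercised by any test visible here. A case that builds the connector without the two keys and serves `"user_id"` / `"user_name"` claims would pin the default behaviour. A negative case is also missing: when the configured claim is absent from the userinfo response, the test should assert what HandleCallback returns, so that an empty `identity.UserID` cannot pass unnoticed.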