From 8c1716d3568400f6f629822891149e1c398f194b Mon Sep 17 00:00:00 2001
From: flarno11
Date: Sun, 2 Jun 2019 21:33:53 +0200
Subject: [PATCH] make userName configurable
---
 Documentation/connectors/oidc.md | 6 +++++-
 connector/oidc/oidc.go | 13 +++++++++++--
 connector/oidc/oidc_test.go | 33 +++++++++++++++++++++++++-------
 3 files changed, 42 insertions(+), 10 deletions(-)
diff --git a/Documentation/connectors/oidc.md b/Documentation/connectors/oidc.md
index b7ce5666..55b7a96e 100644
--- a/Documentation/connectors/oidc.md
+++ b/Documentation/connectors/oidc.md
@@ -71,7 +71,11 @@ connectors:
 # Default: sub
 # Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
 #
- # userIdKey: nickname
+ # userIDKey: nickname
+
+ # The set claim is used as user name.
+ # Default: name
+ # userNameKey: nickname
 ```
 [oidc-doc]: openid-connect.md
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 88b4e29d..327b1079 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -47,6 +47,9 @@ type Config struct {
 // Configurable key which contains the user id claim
 UserIDKey string `json:"userIDKey"`
+
+ // Configurable key which contains the user name claim
+ UserNameKey string `json:"userNameKey"`
 }
 // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@@ -131,6 +134,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
 getUserInfo: c.GetUserInfo,
 userIDKey: c.UserIDKey,
+ userNameKey: c.UserNameKey,
 }, nil
 }
@@ -151,6 +155,7 @@ type oidcConnector struct {
 insecureSkipEmailVerified bool
 getUserInfo bool
 userIDKey string
+ userNameKey string
 }
 func (c *oidcConnector) Close() error {
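Review bot: The doc comment on the new `UserNameKey` field in the `Config` hunk does not say what happens when the key is left empty; the fallback to `name` is only visible in HandleCallback. Suggest `// UserNameKey is the claim used as the user name. Defaults to "name" when empty.` so the default is documented on the type that operators configure. The `Config` struct begins outside the hunk.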
@@ -209,9 +214,13 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
 }
- name, found := claims["name"].(string)
+ userNameKey := "name"
+ if c.userNameKey != "" {
+ userNameKey = c.userNameKey
+ }
+ name, found := claims[userNameKey].(string)
 if !found {
- return identity, errors.New("missing \"name\" claim")
+ return identity, fmt.Errorf("missing \"%s\" claim", userNameKey)
 }
 email, found := claims["email"].(string)
 if !found {
diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go
index 7d41a37c..f766a875 100644
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -47,14 +47,18 @@ func TestHandleCallback(t *testing.T) {
 tests := []struct {
 name string
 userIDKey string
+ userNameKey string
 insecureSkipEmailVerified bool
 expectUserID string
+ expectUserName string
 token map[string]interface{}
 }{
 {
- name: "simpleCase",
- userIDKey: "", // not configured
- expectUserID: "subvalue",
+ name: "simpleCase",
+ userIDKey: "", // not configured
+ userNameKey: "", // not configured
+ expectUserID: "subvalue",
+ expectUserName: "namevalue",
 token: map[string]interface{}{
 "sub": "subvalue",
 "name": "namevalue",
@@ -66,6 +70,7 @@ func TestHandleCallback(t *testing.T) {
 name: "email_verified not in claims, configured to be skipped",
 insecureSkipEmailVerified: true,
 expectUserID: "subvalue",
+ expectUserName: "namevalue",
 token: map[string]interface{}{
 "sub": "subvalue",
 "name": "namevalue",
@@ -73,9 +78,10 @@ func TestHandleCallback(t *testing.T) {
 },
 },
 {
- name: "withUserIDKey",
- userIDKey: "name",
- expectUserID: "namevalue",
+ name: "withUserIDKey",
+ userIDKey: "name",
+ expectUserID: "namevalue",
+ expectUserName: "namevalue",
 token: map[string]interface{}{
 "sub": "subvalue",
 "name": "namevalue",
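Review bot: In the HandleCallback hunk, the assertion `claims[userNameKey].(string)` reports a claim that is present but not a string as "missing", and it accepts an empty string as a valid user name; with an operator-chosen key both cases become more likely than with the fixed `name` claim. Consider `if !found || name == "" {` and quote the key with `%q`, e.g. `return identity, fmt.Errorf("oidc: missing or non-string %q claim", userNameKey)`, which also matches the `oidc:` prefix used by the decode error above. Since the key can now point at a claim the end user may edit at the upstream provider (the docs example uses `nickname`), a short comment that the resulting user name is display data and not a stable identifier would help downstream consumers. HandleCallback begins and ends outside the hunk.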
@@ -83,6 +89,18 @@ func TestHandleCallback(t *testing.T) {
 "email_verified": true,
 },
 },
+ {
+ name: "withUserNameKey",
+ userNameKey: "user_name",
+ expectUserID: "subvalue",
+ expectUserName: "username",
+ token: map[string]interface{}{
+ "sub": "subvalue",
+ "user_name": "username",
+ "email": "emailvalue",
+ "email_verified": true,
+ },
+ },
 }
 for _, tc := range tests {
@@ -100,6 +118,7 @@ func TestHandleCallback(t *testing.T) {
 Scopes: []string{"groups"},
 RedirectURI: fmt.Sprintf("%s/callback", serverURL),
 UserIDKey: tc.userIDKey,
+ UserNameKey: tc.userNameKey,
 InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
 }
@@ -119,7 +138,7 @@ func TestHandleCallback(t *testing.T) {
 }
 expectEquals(t, identity.UserID, tc.expectUserID)
- expectEquals(t, identity.Username, "namevalue")
+ expectEquals(t, identity.Username, tc.expectUserName)
 expectEquals(t, identity.Email, "emailvalue")
 expectEquals(t, identity.EmailVerified, true)
 })
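Review bot: The added `withUserNameKey` case covers only the success path; no table entry exercises the new error branch, where `userNameKey` is configured but the token lacks that claim or carries a non-string value. Add a case with `userNameKey: "user_name"` and a token without `user_name`, and assert that HandleCallback returns an error. The table would need a new field for the expected failure (for example a bool named `expectError`, a name proposed here), because the assertions visible in the last hunk compare only success values. The loop body lies partly outside the visible hunks, so how errors are currently handled there should be confirmed.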