Remove google specific hd / hosted domain claim config

Signed-off-by: Anthony Brandelli <abrandel@cisco.com>
This commit is contained in:
Anthony Brandelli 2022-05-06 13:54:19 -06:00
parent 453504c450
commit f07a58a7f1

View File

@ -34,10 +34,6 @@ type Config struct {
Scopes []string `json:"scopes"` // defaults to "profile" and "email" Scopes []string `json:"scopes"` // defaults to "profile" and "email"
// Optional list of whitelisted domains when using Google
// If this field is nonempty, only users from a listed domain will be allowed to log in
HostedDomains []string `json:"hostedDomains"`
// Override the value of email_verified to true in the returned claims // Override the value of email_verified to true in the returned claims
InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"` InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"`
@ -156,7 +152,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
), ),
logger: logger, logger: logger,
cancel: cancel, cancel: cancel,
hostedDomains: c.HostedDomains,
insecureSkipEmailVerified: c.InsecureSkipEmailVerified, insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
insecureEnableGroups: c.InsecureEnableGroups, insecureEnableGroups: c.InsecureEnableGroups,
acrValues: c.AcrValues, acrValues: c.AcrValues,
@ -183,7 +178,6 @@ type oidcConnector struct {
verifier *oidc.IDTokenVerifier verifier *oidc.IDTokenVerifier
cancel context.CancelFunc cancel context.CancelFunc
logger log.Logger logger log.Logger
hostedDomains []string
insecureSkipEmailVerified bool insecureSkipEmailVerified bool
insecureEnableGroups bool insecureEnableGroups bool
acrValues []string acrValues []string
@ -208,13 +202,6 @@ func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, state string)
} }
var opts []oauth2.AuthCodeOption var opts []oauth2.AuthCodeOption
if len(c.hostedDomains) > 0 {
preferredDomain := c.hostedDomains[0]
if len(c.hostedDomains) > 1 {
preferredDomain = "*"
}
opts = append(opts, oauth2.SetAuthURLParam("hd", preferredDomain))
}
if len(c.acrValues) > 0 { if len(c.acrValues) > 0 {
acrValues := strings.Join(c.acrValues, " ") acrValues := strings.Join(c.acrValues, " ")
@ -361,21 +348,6 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
} }
} }
hostedDomain, _ := claims["hd"].(string)
if len(c.hostedDomains) > 0 {
found := false
for _, domain := range c.hostedDomains {
if hostedDomain == domain {
found = true
break
}
}
if !found {
return identity, fmt.Errorf("oidc: unexpected hd claim %v", hostedDomain)
}
}
cd := connectorData{ cd := connectorData{
RefreshToken: []byte(token.RefreshToken), RefreshToken: []byte(token.RefreshToken),
} }