k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

Add option to OIDC connecter to override email_verified to true

Browse Source
This commit is contained in:
Gerald Barker
2019-03-05 21:24:02 +00:00
parent 83a0326b88
commit fc723af0fe
2 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
connector/oidc/oidc.go
View File

@@ -36,6 +36,9 @@ type Config struct {
// Optional list of whitelisted domains when using Google
// If this field is nonempty, only users from a listed domain will be allowed to log in
HostedDomains []string `json:"hostedDomains"`
// Override the value of email_verifed to true in the returned claims
InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"`
}
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@@ -113,9 +116,10 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
verifier: provider.Verifier(
&oidc.Config{ClientID: clientID},
),
logger: logger,
cancel: cancel,
hostedDomains: c.HostedDomains,
logger: logger,
cancel: cancel,
hostedDomains: c.HostedDomains,
insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
}, nil
}
@@ -125,13 +129,14 @@ var (
)
type oidcConnector struct {
redirectURI string
oauth2Config *oauth2.Config
verifier *oidc.IDTokenVerifier
ctx context.Context
cancel context.CancelFunc
logger log.Logger
hostedDomains []string
redirectURI string
oauth2Config *oauth2.Config
verifier *oidc.IDTokenVerifier
ctx context.Context
cancel context.CancelFunc
logger log.Logger
hostedDomains []string
insecureSkipEmailVerified bool
}
func (c *oidcConnector) Close() error {
@@ -209,6 +214,11 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
}
}
if c.insecureSkipEmailVerified {
claims.EmailVerified = true
}
identity = connector.Identity{
UserID: idToken.Subject,
Username: claims.Username,