make userName configurable
flarno11 committed Jun 3, 2019
1 parent dfb2dfd commit 8c1716d
Showing 3 changed files with 42 additions and 10 deletions.
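--- a/Documentation/connectors/oidc.md
+++ b/Documentation/connectors/oidc.md
@@ -71,7 +71,11 @@ connectors:
 # Default: sub
 # Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
 #
-# userIdKey: nickname
+# userIDKey: nickname
+
+# The set claim is used as user name.
+# Default: name
+# userNameKey: nickname
 ```
 
 [oidc-doc]: openid-connect.md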
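--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -47,6 +47,9 @@ type Config struct {
 
 // Configurable key which contains the user id claim
 UserIDKey string `json:"userIDKey"`
+
+// Configurable key which contains the user name claim
+UserNameKey string `json:"userNameKey"`
 }
 
 // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@@ -131,6 +134,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
 getUserInfo: c.GetUserInfo,
 userIDKey: c.UserIDKey,
+userNameKey: c.UserNameKey,
 }, nil
 }
 
@@ -151,6 +155,7 @@ type oidcConnector struct {
 insecureSkipEmailVerified bool
 getUserInfo bool
 userIDKey string
+userNameKey string
 }
 
 func (c *oidcConnector) Close() error {
@@ -209,9 +214,13 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
 }
 
-name, found := claims["name"].(string)
+userNameKey := "name"
+if c.userNameKey != "" {
+userNameKey = c.userNameKey
+}
+name, found := claims[userNameKey].(string)
 if !found {
-return identity, errors.New("missing \"name\" claim")
+return identity, fmt.Errorf("missing \"%s\" claim", userNameKey)
 }
 email, found := claims["email"].(string)
 if !found {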
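Review bot: In HandleCallback, `claims[userNameKey].(string)` fails for a claim that is present but not a string as well as for an absent one, yet the new error says only "missing" and drops the `oidc:` prefix that the decode error just above it carries; `return identity, fmt.Errorf("oidc: missing or non-string %q claim", userNameKey)` would make a wrong `userNameKey` easier to diagnose. The `UserNameKey` field comment in Config should also state the default and how far the value can be trusted, for example `// UserNameKey is the claim copied into the identity's user name; empty means "name". Unlike "sub", claims such as "nickname" may be user-editable and non-unique at the provider, so treat the result as display data, not as an identifier.` HandleCallback begins and ends outside the hunk, so whether claims obtained via `getUserInfo` are visible to this lookup cannot be confirmed from here.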
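--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -47,14 +47,18 @@ func TestHandleCallback(t *testing.T) {
 tests := []struct {
 name string
 userIDKey string
+userNameKey string
 insecureSkipEmailVerified bool
 expectUserID string
+expectUserName string
 token map[string]interface{}
 }{
 {
-name: "simpleCase",
-userIDKey: "", // not configured
-expectUserID: "subvalue",
+name: "simpleCase",
+userIDKey: "", // not configured
+userNameKey: "", // not configured
+expectUserID: "subvalue",
+expectUserName: "namevalue",
 token: map[string]interface{}{
 "sub": "subvalue",
 "name": "namevalue",
@@ -66,23 +70,37 @@ func TestHandleCallback(t *testing.T) {
 name: "email_verified not in claims, configured to be skipped",
 insecureSkipEmailVerified: true,
 expectUserID: "subvalue",
+expectUserName: "namevalue",
 token: map[string]interface{}{
 "sub": "subvalue",
 "name": "namevalue",
 "email": "emailvalue",
 },
 },
 {
-name: "withUserIDKey",
-userIDKey: "name",
-expectUserID: "namevalue",
+name: "withUserIDKey",
+userIDKey: "name",
+expectUserID: "namevalue",
+expectUserName: "namevalue",
 token: map[string]interface{}{
 "sub": "subvalue",
 "name": "namevalue",
 "email": "emailvalue",
 "email_verified": true,
 },
 },
+{
+name: "withUserNameKey",
+userNameKey: "user_name",
+expectUserID: "subvalue",
+expectUserName: "username",
+token: map[string]interface{}{
+"sub": "subvalue",
+"user_name": "username",
+"email": "emailvalue",
+"email_verified": true,
+},
+},
 }
 
 for _, tc := range tests {
@@ -100,6 +118,7 @@ func TestHandleCallback(t *testing.T) {
 Scopes: []string{"groups"},
 RedirectURI: fmt.Sprintf("%s/callback", serverURL),
 UserIDKey: tc.userIDKey,
+UserNameKey: tc.userNameKey,
 InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
 }
 
@@ -119,7 +138,7 @@ func TestHandleCallback(t *testing.T) {
 }
 
 expectEquals(t, identity.UserID, tc.expectUserID)
-expectEquals(t, identity.Username, "namevalue")
+expectEquals(t, identity.Username, tc.expectUserName)
 expectEquals(t, identity.Email, "emailvalue")
 expectEquals(t, identity.EmailVerified, true)
 })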
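Review bot: The table has no case in which `userNameKey` names a claim the token does not carry, or carries as a non-string, so the new error return in HandleCallback is never exercised; the visible struct also has no field for an expected error. Adding a field such as `expectError bool` and a case like `{name: "missingUserNameKey", userNameKey: "user_name", expectError: true, ...}` whose token holds only `sub`, `name` and `email` would pin that a configured key does not silently fall back to `name`. The loop body that runs each case lies partly outside the hunks, so the check on the returned error would have to be added there.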
