fix: various OAuth2 fixes

requarks · Oct 16, 2021 · 5911867 · 5911867
1 parent 2d4cbb0
commit 5911867
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 15 deletions.
diff --git a/server/modules/authentication/oauth2/authentication.js b/server/modules/authentication/oauth2/authentication.js
@@ -3,7 +3,7 @@ const _ = require('lodash')
 /* global WIKI */
 
 // ------------------------------------
-// OAuth2 Connect Account
+// OAuth2 Account
 // ------------------------------------
 
 const OAuth2Strategy = require('passport-oauth2').Strategy
@@ -17,15 +17,15 @@ module.exports = {
       clientSecret: conf.clientSecret,
       userInfoURL: conf.userInfoURL,
       callbackURL: conf.callbackURL,
-      passReqToCallback: true,
+      passReqToCallback: true
     }, async (req, accessToken, refreshToken, profile, cb) => {
       try {
         const user = await WIKI.models.users.processProfile({
           providerKey: req.params.strategy,
           profile: {
             ...profile,
-            id: _.get(profile, conf.userId),
-            displayName: _.get(profile, conf.displayName, ''),
+            id: _.get(profile, conf.userIdClaim),
+            displayName: _.get(profile, conf.displayNameClaim, '???'),
             email: _.get(profile, conf.emailClaim)
           }
         })
@@ -36,19 +36,26 @@ module.exports = {
     })
 
     client.userProfile = function (accesstoken, done) {
-      this._oauth2._useAuthorizationHeaderForGET = true;
+      this._oauth2._useAuthorizationHeaderForGET = true
       this._oauth2.get(conf.userInfoURL, accesstoken, (err, data) => {
         if (err) {
           return done(err)
         }
         try {
           data = JSON.parse(data)
-        } catch(e) {
+        } catch (e) {
           return done(e)
         }
         done(null, data)
       })
     }
     passport.use('oauth2', client)
+  },
+  logout (conf) {
+    if (!conf.logoutURL) {
+      return '/'
+    } else {
+      return conf.logoutURL
+    }
   }
 }
diff --git a/server/modules/authentication/oauth2/definition.yml b/server/modules/authentication/oauth2/definition.yml
@@ -1,6 +1,6 @@
 key: oauth2
-title: OAuth2
-description: OAuth 2.0 protocol.
+title: Generic OAuth2
+description: OAuth 2.0 is the industry-standard protocol for authorization.
 author: requarks.io
 logo: https://static.requarks.io/logo/oauth2.svg
 color: blue-grey darken-2
@@ -33,23 +33,29 @@ props:
     title: User Info Endpoint URL
     hint: User Info Endpoint URL
     order: 5
-  userId:
+  userIdClaim:
     type: String
-    title: ID
-    hint: User ID
+    title: ID Claim
+    hint: Field containing the user ID
     default: id
+    maxWidth: 500
     order: 6
-  displayName:
+  displayNameClaim:
     type: String
-    title: Display Name
-    hint: Field containing display name
+    title: Display Name Claim
+    hint: Field containing user display name
     default: displayName
     maxWidth: 500
     order: 7
   emailClaim:
     type: String
     title: Email Claim
-    hint: Field containing the email address
+    hint: Field containing the user email address
     default: email
     maxWidth: 500
     order: 8
+  logoutURL:
+    type: String
+    title: Logout URL
+    hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
+    order: 9