Commit 5e0bf8b6 authored by rithu john's avatar rithu john

connector/oidc: fix hosted domain support.

parent 0e0b4c53
...@@ -35,7 +35,7 @@ type Config struct { ...@@ -35,7 +35,7 @@ type Config struct {
// Optional list of whitelisted domains when using Google // Optional list of whitelisted domains when using Google
// If this field is nonempty, only users from a listed domain will be allowed to log in // If this field is nonempty, only users from a listed domain will be allowed to log in
HostedDomains []string `json:"hostedDomain"` HostedDomains []string `json:"hostedDomains"`
} }
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
...@@ -198,7 +198,7 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide ...@@ -198,7 +198,7 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
if len(c.hostedDomains) > 0 { if len(c.hostedDomains) > 0 {
found := false found := false
for _, domain := range c.hostedDomains { for _, domain := range c.hostedDomains {
if claims.HostedDomain != domain { if claims.HostedDomain == domain {
found = true found = true
break break
} }
......
...@@ -67,7 +67,8 @@ connectors: ...@@ -67,7 +67,8 @@ connectors:
# clientID: $GOOGLE_CLIENT_ID # clientID: $GOOGLE_CLIENT_ID
# clientSecret: $GOOGLE_CLIENT_SECRET # clientSecret: $GOOGLE_CLIENT_SECRET
# redirectURI: http://127.0.0.1:5556/dex/callback # redirectURI: http://127.0.0.1:5556/dex/callback
# hostedDomain: $GOOGLE_HOSTED_DOMAIN # hostedDomains:
# - $GOOGLE_HOSTED_DOMAIN
# Let dex keep a list of passwords which can be used to login to dex. # Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB: true enablePasswordDB: true
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment