Merge pull request #1459 from flarno11/master

make userName configurable

Merge pull request #1459 from flarno11/master
make userName configurable
d6fad19d · Stephan Renatus · GitHub · c19ada32 · 8c1716d3 · d6fad19d
Unverified Commit d6fad19d authored Jun 04, 2019 by Stephan Renatus Committed by GitHub Jun 04, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 10 deletions

oidc.md Documentation/connectors/oidc.md +5 -1

oidc.go connector/oidc/oidc.go +11 -2

oidc_test.go connector/oidc/oidc_test.go +26 -7

No files found.
--- a/Documentation/connectors/oidc.md
+++ b/Documentation/connectors/oidc.md
@@ -71,7 +71,11 @@ connectors:
    # Default: sub
    # Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
    #
-    # userIdKey: nickname
+    # userIDKey: nickname
+    
+    # The set claim is used as user name.
+    # Default: name
+    # userNameKey: nickname
 ```

 [oidc-doc]: openid-connect.md

--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -47,6 +47,9 @@ type Config struct {

 	// Configurable key which contains the user id claim
 	UserIDKey string `json:"userIDKey"`
+
+	// Configurable key which contains the user name claim
+	UserNameKey string `json:"userNameKey"`
 }

 // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@@ -131,6 +134,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		insecureSkipEmailVerified: c.InsecureSkipEmailVerified,
 		getUserInfo:               c.GetUserInfo,
 		userIDKey:                 c.UserIDKey,
+		userNameKey:               c.UserNameKey,
 	}, nil
 }

@@ -151,6 +155,7 @@ type oidcConnector struct {
 	insecureSkipEmailVerified bool
 	getUserInfo               bool
 	userIDKey                 string
+	userNameKey               string
 }

 func (c *oidcConnector) Close() error {
@@ -209,9 +214,13 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 		return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
 	}

-	name, found := claims["name"].(string)
+	userNameKey := "name"
+	if c.userNameKey != "" {
+		userNameKey = c.userNameKey
+	}
+	name, found := claims[userNameKey].(string)
 	if !found {
-		return identity, errors.New("missing \"name\" claim")
+		return identity, fmt.Errorf("missing \"%s\" claim", userNameKey)
 	}
 	email, found := claims["email"].(string)
 	if !found {

--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -47,14 +47,18 @@ func TestHandleCallback(t *testing.T) {
 	tests := []struct {
 		name                      string
 		userIDKey                 string
+		userNameKey               string
 		insecureSkipEmailVerified bool
 		expectUserID              string
+		expectUserName            string
 		token                     map[string]interface{}
 	}{
 		{
-			name:         "simpleCase",
-			userIDKey:    "", // not configured
-			expectUserID: "subvalue",
+			name:           "simpleCase",
+			userIDKey:      "", // not configured
+			userNameKey:    "", // not configured
+			expectUserID:   "subvalue",
+			expectUserName: "namevalue",
 			token: map[string]interface{}{
 				"sub":            "subvalue",
 				"name":           "namevalue",
@@ -66,6 +70,7 @@ func TestHandleCallback(t *testing.T) {
 			name:                      "email_verified not in claims, configured to be skipped",
 			insecureSkipEmailVerified: true,
 			expectUserID:              "subvalue",
+			expectUserName:            "namevalue",
 			token: map[string]interface{}{
 				"sub":   "subvalue",
 				"name":  "namevalue",
@@ -73,9 +78,10 @@ func TestHandleCallback(t *testing.T) {
 			},
 		},
 		{
-			name:         "withUserIDKey",
-			userIDKey:    "name",
-			expectUserID: "namevalue",
+			name:           "withUserIDKey",
+			userIDKey:      "name",
+			expectUserID:   "namevalue",
+			expectUserName: "namevalue",
 			token: map[string]interface{}{
 				"sub":            "subvalue",
 				"name":           "namevalue",
@@ -83,6 +89,18 @@ func TestHandleCallback(t *testing.T) {
 				"email_verified": true,
 			},
 		},
+		{
+			name:           "withUserNameKey",
+			userNameKey:    "user_name",
+			expectUserID:   "subvalue",
+			expectUserName: "username",
+			token: map[string]interface{}{
+				"sub":            "subvalue",
+				"user_name":      "username",
+				"email":          "emailvalue",
+				"email_verified": true,
+			},
+		},
 	}

 	for _, tc := range tests {
@@ -100,6 +118,7 @@ func TestHandleCallback(t *testing.T) {
 				Scopes:                    []string{"groups"},
 				RedirectURI:               fmt.Sprintf("%s/callback", serverURL),
 				UserIDKey:                 tc.userIDKey,
+				UserNameKey:               tc.userNameKey,
 				InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
 			}

@@ -119,7 +138,7 @@ func TestHandleCallback(t *testing.T) {
 			}

 			expectEquals(t, identity.UserID, tc.expectUserID)
-			expectEquals(t, identity.Username, "namevalue")
+			expectEquals(t, identity.Username, tc.expectUserName)
 			expectEquals(t, identity.Email, "emailvalue")
 			expectEquals(t, identity.EmailVerified, true)
 		})