feat: map OIDC/OAuth2 avatar claims to user pictureUrl (#7908)

main
mod242 1 week ago committed by GitHub
parent 3dcf20ab6f
commit 6ae53bf1bd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -22,13 +22,15 @@ module.exports = {
state: conf.enableCSRFProtection
}, async (req, accessToken, refreshToken, profile, cb) => {
try {
const picture = _.get(profile, conf.pictureClaim, '')
const user = await WIKI.models.users.processProfile({
providerKey: req.params.strategy,
profile: {
...profile,
id: _.get(profile, conf.userIdClaim),
displayName: _.get(profile, conf.displayNameClaim, '???'),
email: _.get(profile, conf.emailClaim)
email: _.get(profile, conf.emailClaim),
picture: picture
}
})
if (conf.mapGroups) {
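Review bot: The value read by `_.get(profile, conf.pictureClaim, '')` is handed to `processProfile` as `picture` without any check that it is a string holding an absolute http(s) URL. Whatever the identity provider returns in that claim, which on many providers is a field the user edits themselves, becomes the stored avatar reference that other users' browsers will later load. Unless `processProfile` already normalises it (not visible in this hunk), I would validate before assigning, for example `const raw = _.get(profile, conf.pictureClaim, '')` followed by `const picture = (_.isString(raw) && /^https?:\/\//i.test(raw)) ? raw : ''`. The same applies to the OpenID Connect strategy's `_.get(profile, '_json.' + conf.pictureClaim, '')`. The callback body starts and ends outside this hunk.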

@ -54,38 +54,45 @@ props:
default: email
maxWidth: 500
order: 8
pictureClaim:
type: String
title: Picture Claim
hint: Field containing the user avatar URL
default: picture
maxWidth: 500
order: 9
mapGroups:
type: Boolean
title: Map Groups
hint: Map groups matching names from the groups claim value
default: false
order: 9
order: 10
groupsClaim:
type: String
title: Groups Claim
hint: Field containing the group names
default: groups
maxWidth: 500
order: 10
order: 11
logoutURL:
type: String
title: Logout URL
hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
order: 11
order: 12
scope:
type: String
title: Scope
hint: (optional) Application Client permission scopes.
order: 12
order: 13
useQueryStringForAccessToken:
type: Boolean
default: false
title: Pass access token via GET query string to User Info Endpoint
hint: (optional) Pass the access token in an `access_token` parameter attached to the GET query string of the User Info Endpoint URL. Otherwise the access token will be passed in the Authorization header.
order: 13
order: 14
enableCSRFProtection:
type: Boolean
default: true
title: Enable CSRF protection
hint: Pass a nonce state parameter during authentication to protect against CSRF attacks.
order: 14
order: 15
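Review bot: The `pictureClaim` hint, `Field containing the user avatar URL`, does not tell the operator what the claim must contain or how to make the provider send it. I would expand it to something like `hint: Claim containing an absolute https URL to the user avatar. The provider must release this claim for the configured scope.` so that a value which is not a URL is recognised as a misconfiguration. The same wording would suit the `pictureClaim` entry in the OpenID Connect definition, where the `picture` claim is normally released with the `profile` scope.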

@ -24,6 +24,7 @@ module.exports = {
acrValues: conf.acrValues
}, async (req, iss, uiProfile, idProfile, context, idToken, accessToken, refreshToken, params, cb) => {
const profile = Object.assign({}, idProfile, uiProfile)
const picture = _.get(profile, '_json.' + conf.pictureClaim, '')
try {
const user = await WIKI.models.users.processProfile({
@ -31,7 +32,8 @@ module.exports = {
profile: {
...profile,
email: _.get(profile, '_json.' + conf.emailClaim),
displayName: _.get(profile, '_json.' + conf.displayNameClaim, '')
displayName: _.get(profile, '_json.' + conf.displayNameClaim, ''),
picture: picture
}
})
if (conf.mapGroups) {
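Review bot: `picture: picture` is placed after `...profile`, so when the configured claim is absent the `''` default overwrites any `picture` that the merged `idProfile`/`uiProfile` already carried. Depending on how `processProfile` treats an empty string (not visible here), that may also clear an avatar stored on a previous login. Setting the key only when a value was found avoids this, e.g. `...(picture ? { picture } : {})`. As a style point, `const picture` is declared above the `try` here but inside it in the OAuth2 strategy; moving it inside would keep the two callbacks parallel. The callback continues outside both hunks of this file.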

@ -62,26 +62,33 @@ props:
default: displayName
maxWidth: 500
order: 9
pictureClaim:
type: String
title: Picture Claim
hint: Field containing the user avatar URL
default: picture
maxWidth: 500
order: 10
mapGroups:
type: Boolean
title: Map Groups
hint: Map groups matching names from the groups claim value
default: false
order: 10
order: 11
groupsClaim:
type: String
title: Groups Claim
hint: Field containing the group names
default: groups
maxWidth: 500
order: 11
order: 12
logoutURL:
type: String
title: Logout URL
hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
order: 12
order: 13
acrValues:
type: String
title: ACR Values
hint: (optional) Authentication Context Class Reference
order: 13
order: 14
