feat: fix + enable OIDC auth method (#2282)

* fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available
4 years ago · d5d368cd33
parent 95b6a7ad82
commit d5d368cd33
2 changed files with 20 additions and 13 deletions
--- a/server/modules/authentication/oidc/authentication.js
+++ b/server/modules/authentication/oidc/authentication.js
@ -17,18 +17,21 @@ module.exports = {
        clientID: conf.clientId,
        clientSecret: conf.clientSecret,
        issuer: conf.issuer,
+        userInfoURL: conf.userInfoURL,
        callbackURL: conf.callbackURL
-      }, (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) => {
-        WIKI.models.users.processProfile({
-          id: jwtClaims.sub,
-          provider: 'oidc',
-          email: _.get(jwtClaims, conf.emailClaim),
-          name: _.get(jwtClaims, conf.usernameClaim)
-        }).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
+      }, async (iss, sub, profile, cb) => {
+        try {
+          const user = await WIKI.models.users.processProfile({
+            profile: {
+              ...profile,
+              email: _.get(profile, '_json.' + conf.emailClaim)
+            },
+            providerKey: 'oidc'
+          })
+          cb(null, user)
+        } catch(err) {
+          cb(err, null)
+        }
      })
    )
  }
--- a/server/modules/authentication/oidc/definition.yml
+++ b/server/modules/authentication/oidc/definition.yml
@ -5,13 +5,17 @@ author: requarks.io
 logo: https://static.requarks.io/logo/oidc.svg
 color: blue-grey darken-2
 website: http://openid.net/connect/
+isAvailable: true
 useForm: false
+scopes:
+  - openid
+  - profile
+  - email
 props:
  clientId: String
  clientSecret: String
  authorizationURL: String
  tokenURL: String
  issuer: String
-  userInfoUrl: String
+  userInfoURL: String
  emailClaim: String
-  usernameClaim: String