Merge pull request #5 from promasu/main

Allow configuration of username and email scope and claim
cryptpad · Jul 18, 2024 · 70e5095 · 70e5095
2 parents aa703b1 + ca89a1e
commit 70e5095
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -77,7 +77,9 @@ module.exports = {
         url: 'https://<keycloakserver/realms/<realm>',
         client_id: "cryptpad",
         client_secret: "<clientsecret>",
-        jwt_alg: 'RS256'
+        jwt_alg: 'RS256',
+        username_scope: 'profile',  (optional)
+        username_claim: 'name', (optional)
       },
     /*
 

diff --git a/protocols/oidc.js b/protocols/oidc.js
@@ -31,12 +31,14 @@ module.exports = (SSOUtils) => {
         auth: (Env, cfg, cb) => {
             getClient(cfg, (err, client) => {
                 if (err) { return void cb ('E_OIDC_CONNECT'); }
+                let username_scope = cfg.username_scope || 'profile';
+                let email_scope = cfg.email_scope || 'email'; // This is not yet used
 
                 const generators = OID.generators;
                 const code_verifier = generators.codeVerifier();
                 const code_challenge = generators.codeChallenge(code_verifier);
                 const url = client.authorizationUrl({
-                    scope: 'openid email profile',
+                    scope: `openid ${username_scope} ${email_scope}`,
                     resource: opts.callbackURL,
                     access_type: 'offline',
                     code_challenge,
@@ -52,11 +54,15 @@ module.exports = (SSOUtils) => {
 
                 const params = client.callbackParams(url);
                 delete params.state;
+
+                let username_claim = cfg.username_claim || 'name';
+                let email_claim = cfg.email_claim || 'email'; // This is not yet used
+
                 client.callback(opts.callbackURL, params, { code_verifier: token })
                         .then((tokenSet) => {
                     let j = tokenSet;
                     let c = tokenSet.claims();
-                    let name = c.name;
+                    let name = c[username_claim];
                     const end = () => {
                         cb(void 0, {
                             id: c.sub,