From ca89a1e83f30f0a1793f048718600ac70a4418c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20N=C3=B6thlich?=
Date: Sun, 11 Feb 2024 17:17:56 +0100
Subject: [PATCH] Allow configuration of username and email scope and claim
---
 README.md | 4 +++-
 protocols/oidc.js | 10 ++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index d2ef6e2..1b24d9d 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,9 @@ module.exports = {
 url: 'https://',
 client_id: "cryptpad",
 client_secret: "",
- jwt_alg: 'RS256'
+ jwt_alg: 'RS256',
+ username_scope: 'profile', (optional)
+ username_claim: 'name', (optional)
 },
 /*
diff --git a/protocols/oidc.js b/protocols/oidc.js
index 3c5d4a3..8a4830b 100644
--- a/protocols/oidc.js
+++ b/protocols/oidc.js
@@ -31,12 +31,14 @@ module.exports = (SSOUtils) => {
 auth: (Env, cfg, cb) => {
 getClient(cfg, (err, client) => {
 if (err) { return void cb ('E_OIDC_CONNECT'); }
+ let username_scope = cfg.username_scope || 'profile';
+ let email_scope = cfg.email_scope || 'email'; // This is not yet used
 const generators = OID.generators;
 const code_verifier = generators.codeVerifier();
 const code_challenge = generators.codeChallenge(code_verifier);
 const url = client.authorizationUrl({
- scope: 'openid email profile',
+ scope: `openid ${username_scope} ${email_scope}`,
 resource: opts.callbackURL,
 access_type: 'offline',
 code_challenge,
@@ -52,11 +54,15 @@ module.exports = (SSOUtils) => {
 const params = client.callbackParams(url);
 delete params.state;
+
+ let username_claim = cfg.username_claim || 'name';
+ let email_claim = cfg.email_claim || 'email'; // This is not yet used
+
 client.callback(opts.callbackURL, params, { code_verifier: token })
 .then((tokenSet) => {
 let j = tokenSet;
 let c = tokenSet.claims();
- let name = c.name;
+ let name = c[username_claim];
 const end = () => {
 cb(void 0, {
 id: c.sub,
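Review bot: The `// This is not yet used` comment on the added `email_scope` line in the `@@ -31,12` hunk of protocols/oidc.js is contradicted by the `scope:` line a few lines below, which interpolates `email_scope` into the scope string sent to the provider; drop the comment, or reword it to say that only the email claim side is still unused. Both new bindings are never reassigned, so `const username_scope = cfg.username_scope || 'profile';` and `const email_scope = cfg.email_scope || 'email';` would match the `const` declarations around them; the same `let` pattern appears for `username_claim`/`email_claim` in the following hunk. `email_scope` and `email_claim` are read from config here, but the README hunk in this commit documents only `username_scope` and `username_claim`, so an admin has no way to discover the email settings without reading the source. The enclosing `auth` callback continues past the end of the hunk.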