Feat: enable dynamic profile field mapping via env variables for oidc response #1041
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Junjiequan
changed the title
6 tasks
nitrosx
requested changes
Jan 30, 2024
bpedersen2
requested changes
Jan 30, 2024
As not all config settings can be made as environment variables, provide a override mechanism to allow (build-time) configuration adjustments. An example for the graphql access groups provider will be in the next commit. Change-Id: I8dc82ca4f0ac0a1b60fa47eadb147c228a77b841
Instead of requiring an explict service provider for each facility, use extended configurations. Basic enabling/disabling is implemented in the standard config via environment vars, GraphQL needs extendend configuration via localconfiguration. Change-Id: I2ed630bac8f1f66d4f754e5b95d6b232ec63cf3d
Change-Id: I832b6d9e2680aa8423441924de59c4157b50c8e6
|
#726 raised by @bpedersen2 is merged into this PR to test access-group-provider implementation |
nitrosx
requested changes
Feb 5, 2024
There was a problem hiding this comment.
@Junjiequan I'm not sure that this PR is ready for production. I think we need to do another round of brainstorming and check that the code is correct.
Thoughts?
src/auth/access-group-provider/access-group-from-graphql-api-call.service.ts
Outdated
Show resolved
Hide resolved
src/auth/access-group-provider/access-group-from-multiple-providers.service.ts
Outdated
Show resolved
Hide resolved
src/auth/access-group-provider/access-group-from-payload.service.ts
Outdated
Show resolved
Hide resolved
nitrosx
requested changes
Feb 7, 2024
src/auth/access-group-provider/access-group-from-graphql-api-call.service.ts
Show resolved
Hide resolved
…ion-process-confi
nitrosx
approved these changes
Feb 9, 2024
src/auth/access-group-provider/access-group-from-graphql-api-call.service.ts
Show resolved
Hide resolved
…ion-process-confi
bpedersen2
reviewed
Feb 14, 2024
…ion-process-confi
|
I confirm that @Junjiequan updated the documentation. Ready to be merged |
…ion-process-confi
bpedersen2
approved these changes
Feb 27, 2024
README.md
Outdated
| @@ -110,6 +116,20 @@ Valid environment variables for the .env file. See [.env.example](/.env.example) | |||
| - `OIDC_SCOPE` [string] _Optional_ Space separated list of the info returned by the oidc service. Example: "openid profile email" | |||
| - `OIDC_SUCCESS_URL` [string] _Optional_ SciCat Frontend auth-callback URL. Required in order to pass user credentials to SciCat Frontend after OIDC login. Example: https://myscicatfrontend/auth-callback | |||
| - `OIDC_ACCESS_GROUPS` [string] _Optional_ Functionality is still unclear. | |||
| - `OIDC_ACCESS_GROUPS_PROPERTY` [string] _Optional_ Target field to get the access groups value from OIDC response. | |||
| - `OIDC_USERINFO_MAPPING_FIELD_USERNAME` [string] _Optional_ comma-separated list. Specifies the fields from the OIDC response to concatenate and use as the user's profile username. For example, setting `OIDC_USERINFO_MAPPING_FIELD_USERNAME="iss, sub"` combines the iss (issuer) and sub (subject) values from the OIDC response, resulting in a username like `myIssuer_myUserName`. This allows for customizable username definitions based on OIDC response attributes. | |||
There was a problem hiding this comment.
This field is mentioned 2 times here (see line 124)
README.md
Outdated
| - `OIDC_USERINFO_MAPPING_FIELD_DISPLAYNAME` [string] _Optional_ Specifies the fields from the OIDC response and use as the user's profile displayname. For example, setting `OIDC_USERINFO_MAPPING_FIELD_DISPLAYNAME="preferred_username"` use displayName value from the OIDC response, resulting in a displayname like `myPreferredName`. This allows for customizable displayname definitions based on OIDC response attributes. | ||
| - `OIDC_USERINFO_MAPPING_FIELD_EMAIL` [string] _Optional_ Same as `OIDC_USERINFO_MAPPING_FIELD_DISPLAYNAME`. Defaults to "email" | ||
| - `OIDC_USERINFO_MAPPING_FIELD_DISPLAYNAME` [string] _Optional_ Same as `OIDC_USERINFO_MAPPING_FIELD_DISPLAYNAME`. Defaults to "name" | ||
| - `OIDC_USERINFO_MAPPING_FIELD_USERNAME` [string] _Optional_ Same as `OIDC_USERINFO_MAPPING_FIELD_DISPLAYNAME`. Defaults to "preferred_username" || "name" |
There was a problem hiding this comment.
duplicated, and looking at the code the first one is correct.
Junjiequan
deleted the
SWAP-3745-scicat-be-make-oidc-user-validation-process-confi
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR introduces configurable userInfo, enabling teams to customize returned values for the frontend. Default behavior remains unchanged if no configuration is provided. Notably,
displayNameinoidc.strategynow concatenatesgivenNameandfamilyName.Motivation
Different teams like to show different things in their user profiles. For example, at ESS, we use oidc.sub as the username. This change lets each team pick what works best for them, making sure our system suits everyone's needs.
Fixes:
added userInfoMapping field in the configuration file, which can be customized using the following environment variable name.
Changes:
Tests included/Docs Updated?