Use subject from oidc userinfo when querying the user provider
gmgigi96 committed Jan 23, 2023
1 parent d9f5a3e commit fd4333c
Showing 2 changed files with 5 additions and 13 deletions.
8 changes: 0 additions & 8 deletions docs/content/en/docs/changelog/_index.md

This file was deleted.

10 changes: 5 additions & 5 deletions pkg/auth/manager/oidc/oidc.go
Expand Up @@ -147,7 +147,7 @@ func (am *mgr) Configure(m map[string]interface{}) error {
// The clientID would be empty as we only need to validate the clientSecret variable
// which contains the access token that we can use to contact the UserInfo endpoint
// and get the user claims.
func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string) (*user.User, map[string]*authpb.Scope, error) {
func (am *mgr) Authenticate(ctx context.Context, _, clientSecret string) (*user.User, map[string]*authpb.Scope, error) {
ctx = am.getOAuthCtx(ctx)
log := appctx.GetLogger(ctx)

Expand Down Expand Up @@ -199,7 +199,7 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
return nil, nil, fmt.Errorf("no \"email\" attribute found in userinfo: maybe the client did not request the oidc \"email\"-scope")
}

err = am.resolveUser(ctx, claims, clientID)
err = am.resolveUser(ctx, claims, userInfo.Subject)
if err != nil {
return nil, nil, errors.Wrapf(err, "oidc: error resolving username for external user '%v'", claims["email"])
}
Expand Down Expand Up @@ -302,7 +302,7 @@ func (am *mgr) getOIDCProvider(ctx context.Context) (*oidc.Provider, error) {
return am.provider, nil
}

func (am *mgr) resolveUser(ctx context.Context, claims map[string]interface{}, clientID string) error {
func (am *mgr) resolveUser(ctx context.Context, claims map[string]interface{}, subject string) error {
var (
value string
resolve bool
Expand Down Expand Up @@ -340,7 +340,7 @@ func (am *mgr) resolveUser(ctx context.Context, claims map[string]interface{}, c
}
resolve = true
} else if uid == 0 || gid == 0 {
value = clientID
value = subject
resolve = true
}

Expand Down Expand Up @@ -371,7 +371,7 @@ func (am *mgr) resolveUser(ctx context.Context, claims map[string]interface{}, c
claims[am.c.GIDClaim] = getUserByClaimResp.GetUser().GidNumber
log := appctx.GetLogger(ctx).Debug().Str("username", value).Interface("claims", claims)
if uid == 0 || gid == 0 {
log.Msgf("resolveUser: claims overridden from '%s'", clientID)
log.Msgf("resolveUser: claims overridden from '%s'", subject)
} else {
log.Msg("resolveUser: claims overridden from mapped user")
}
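Review bot: The new `userInfo.Subject` handed to resolveUser in `err = am.resolveUser(ctx, claims, userInfo.Subject)` is never checked for being empty, although the `email` claim is validated a few lines earlier; a userinfo response that lacks `sub` would reach the `value = subject` branch in resolveUser and query the user provider with an empty string. A guard parallel to the email check, `if userInfo.Subject == "" { return nil, nil, fmt.Errorf("no \"sub\" attribute found in userinfo") }`, placed before the resolveUser call, closes that path. Binding the lookup to the token-bound `sub` rather than the caller-supplied clientID is the right direction, but `sub` is only unique per issuer and the debug log in the last hunk labels that value "username", so if the provider lookup is by username a `sub` that happens to equal a local account name would map onto that account; a comment on the `value = subject` line naming the claim the lookup uses, and a check that the user provider queries by an issuer-scoped identifier, would make that contract explicit. Both Authenticate and resolveUser begin and end outside the visible hunks, so any surrounding validation could not be seen here.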
