OIDC: fallback to "email" if IDP doesn't provide "preferred_username"…

… claim Some IDPs (e.g. Authelia) don't add the "preferred_username" claim. Fallback to the "email" claim in that case. Fixes: owncloud#2644
rhafer · Nov 30, 2021 · df98dd6 · df98dd6
1 parent 48accc6
commit df98dd6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/changelog/unreleased/user-claim-fallback.md b/changelog/unreleased/user-claim-fallback.md
@@ -0,0 +1,3 @@
+Change: OIDC: fallback to "email" if IDP doesn't provide "preferred_username" claim
+
+https://github.com/owncloud/ocis/issues/2644
diff --git a/proxy/pkg/user/backend/accounts.go b/proxy/pkg/user/backend/accounts.go
@@ -123,8 +123,12 @@ func (a accountsServiceBackend) CreateUserFromClaims(ctx context.Context, claims
 		}
 	}
 	if req.Account.PreferredName, ok = claims[oidc.PreferredUsername].(string); !ok {
-		a.logger.Warn().Msg("Missing preferred_username claim")
-	} else {
+		a.logger.Warn().Msg("Missing preferred_username claim, falling back to email")
+		if req.Account.PreferredName, ok = claims[oidc.Email].(string); !ok {
+			a.logger.Debug().Msg("Missing email claim as well")
+		}
+	}
+	if req.Account.PreferredName != "" {
 		// also use as on premises samaccount name
 		req.Account.OnPremisesSamAccountName = req.Account.PreferredName
 	}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		Change: OIDC: fallback to "email" if IDP doesn't provide "preferred_username" claim

		https://github.com/owncloud/ocis/issues/2644