OIDC: groups claim added to make groups provisioned

This commit is contained in:
Vladimir D
2024-09-19 13:49:25 +04:00
committed by Johannes Zellner
parent 87b8fc6a1b
commit 3ce74d04d0
+9 -3
@@ -44,6 +44,7 @@ const assert = require('assert'),
translations = require('./translations.js'),
url = require('url'),
users = require('./users.js'),
groups = require('./groups.js'),
util = require('util');
const OIDC_CLIENTS_TABLE_NAME = 'oidcClients';
@@ -719,6 +720,9 @@ async function claims(userId/*, use, scope*/) {
const [error, user] = await safe(users.get(userId));
if (error) return { error: 'user not found' };
const [groupsError, allGroups] = await safe(groups.listWithMembers());
if (groupsError) return { error: groupsError.message }
const displayName = user.displayName || user.username || ''; // displayName can be empty and username can be null
const { firstName, lastName, middleName } = users.parseDisplayName(displayName);
@@ -735,7 +739,8 @@ async function claims(userId/*, use, scope*/) {
locale: 'en-US',
name: user.displayName,
picture: `https://${dashboardFqdn}/api/v1/profile/avatar/${user.id}`,
preferred_username: user.username
preferred_username: user.username,
groups: allGroups.filter(function (g) { return g.userIds.indexOf(user.id) !== -1; }).map(function (g) { return `${g.name}`; })
};
return claims;
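Review bot: The new error path `if (groupsError) return { error: groupsError.message }` drops the trailing semicolon that the sibling `return { error: 'user not found' };` uses, and it surfaces the raw error text where the line above returns a fixed string; `if (groupsError) return { error: 'unable to list groups' };` keeps the two lines consistent. The membership test in the new `groups:` property can use `includes`, and the template literal around `g.name` adds nothing: `groups: allGroups.filter((g) => g.userIds.includes(user.id)).map((g) => g.name)`. This also awaits `groups.listWithMembers()` on every claims call, so if that helper queries storage each time (not visible here), the cost of issuing a token grows with the number of groups. `claims()` begins and ends outside this hunk.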
@@ -817,7 +822,8 @@ async function start() {
},
claims: {
email: ['email', 'email_verified'],
profile: [ 'family_name', 'given_name', 'locale', 'name', 'preferred_username', 'picture' ]
profile: [ 'family_name', 'given_name', 'locale', 'name', 'preferred_username', 'picture' ],
groups: [ 'groups' ]
},
features: {
rpInitiatedLogout: { enabled: false },
@@ -860,7 +866,7 @@ async function start() {
accountId: ctx.oidc.session.accountId,
});
grant.addOIDCScope('openid email profile');
grant.addOIDCScope('openid email profile groups');
// grant.addOIDCClaims(['first_name']);
await grant.save();