wikijs-fork/server/modules/authentication/oidc/authentication.js

const _ = require('lodash')

/* global WIKI */

// ------------------------------------
// OpenID Connect Account
// ------------------------------------

const OpenIDConnectStrategy = require('passport-openidconnect').Strategy

module.exports = {
  init (passport, conf) {
    passport.use('oidc',
      new OpenIDConnectStrategy({
        authorizationURL: conf.authorizationURL,
        tokenURL: conf.tokenURL,
        clientID: conf.clientId,
        clientSecret: conf.clientSecret,
        issuer: conf.issuer,
        userInfoURL: conf.userInfoURL,
        callbackURL: conf.callbackURL,
        passReqToCallback: true
      }, async (req, iss, sub, profile, cb) => {
        try {
          const user = await WIKI.models.users.processProfile({
            providerKey: req.params.strategy,
            profile: {
              ...profile,
              email: _.get(profile, '_json.' + conf.emailClaim)
            }
          })
          cb(null, user)
        } catch (err) {
          cb(err, null)
        }
      })
    )
  }
}
feat: authentication improvements 2018-08-04 21:27:55 +00:00			`const _ = require('lodash')`

			`/* global WIKI */`

			`// ------------------------------------`
			`// OpenID Connect Account`
			`// ------------------------------------`

			`const OpenIDConnectStrategy = require('passport-openidconnect').Strategy`

			`module.exports = {`
			`init (passport, conf) {`
			`passport.use('oidc',`
			`new OpenIDConnectStrategy({`
			`authorizationURL: conf.authorizationURL,`
			`tokenURL: conf.tokenURL,`
			`clientID: conf.clientId,`
			`clientSecret: conf.clientSecret,`
			`issuer: conf.issuer,`
feat: fix + enable OIDC auth method (#2282) * fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available 2020-08-15 17:32:58 +00:00			`userInfoURL: conf.userInfoURL,`
feat: social login providers with dynamic instances 2020-08-30 05:36:17 +00:00			`callbackURL: conf.callbackURL,`
			`passReqToCallback: true`
			`}, async (req, iss, sub, profile, cb) => {`
feat: fix + enable OIDC auth method (#2282) * fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available 2020-08-15 17:32:58 +00:00			`try {`
			`const user = await WIKI.models.users.processProfile({`
feat: social login providers with dynamic instances 2020-08-30 05:36:17 +00:00			`providerKey: req.params.strategy,`
feat: fix + enable OIDC auth method (#2282) * fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available 2020-08-15 17:32:58 +00:00			`profile: {`
			`...profile,`
			`email: _.get(profile, '_json.' + conf.emailClaim)`
feat: social login providers with dynamic instances 2020-08-30 05:36:17 +00:00			`}`
feat: fix + enable OIDC auth method (#2282) * fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available 2020-08-15 17:32:58 +00:00			`})`
			`cb(null, user)`
feat: social login providers with dynamic instances 2020-08-30 05:36:17 +00:00			`} catch (err) {`
feat: fix + enable OIDC auth method (#2282) * fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available 2020-08-15 17:32:58 +00:00			`cb(err, null)`
			`}`
feat: authentication improvements 2018-08-04 21:27:55 +00:00			`})`
			`)`
			`}`
			`}`