feat: fix + enable OIDC auth method (#2282)
* fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available
This commit is contained in:
parent
95b6a7ad82
commit
d5d368cd33
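--- a/PATH_NOT_SHOWN_ON_PAGE_1
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -17,18 +17,21 @@ module.exports = {
 clientID: conf.clientId,
 clientSecret: conf.clientSecret,
 issuer: conf.issuer,
+userInfoURL: conf.userInfoURL,
 callbackURL: conf.callbackURL
-}, (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) => {
-WIKI.models.users.processProfile({
-id: jwtClaims.sub,
-provider: 'oidc',
-email: _.get(jwtClaims, conf.emailClaim),
-name: _.get(jwtClaims, conf.usernameClaim)
-}).then((user) => {
-return cb(null, user) || true
-}).catch((err) => {
-return cb(err, null) || true
+}, async (iss, sub, profile, cb) => {
+try {
+const user = await WIKI.models.users.processProfile({
+profile: {
+...profile,
+email: _.get(profile, '_json.' + conf.emailClaim)
+},
+providerKey: 'oidc'
 })
+cb(null, user)
+} catch(err) {
+cb(err, null)
+}
 })
 )
 }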
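Review bot: `cb(null, user)` sits inside the `try`, so if the continuation behind the verify callback throws synchronously the `catch` invokes `cb(err, null)` a second time and passport sees two completions for one login. Keep only the `await` under `try`: declare `let user` before the block, `return cb(err, null)` from the catch, and call `cb(null, user)` after it. The `'_json.' + conf.emailClaim` lookup also silently resolves to the path `_json.undefined` when the admin leaves `emailClaim` blank, producing a user with no email instead of a configuration error; a guard such as `if (!conf.emailClaim) return cb(new Error('emailClaim not configured'), null)` before the call would surface that. Since the commit makes the email claim the account identity, it is worth confirming that `processProfile` (defined outside this file) only relies on it when the provider marks the address as verified. The enclosing method (the hunk header shows only `module.exports = {`) starts above the hunk.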
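--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -5,13 +5,17 @@ author: requarks.io
 logo: https://static.requarks.io/logo/oidc.svg
 color: blue-grey darken-2
 website: http://openid.net/connect/
+isAvailable: true
 useForm: false
+scopes:
+- openid
+- profile
+- email
 props:
 clientId: String
 clientSecret: String
 authorizationURL: String
 tokenURL: String
 issuer: String
-userInfoUrl: String
+userInfoURL: String
 emailClaim: String
-usernameClaim: String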
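Review bot: Renaming the prop `userInfoUrl` to `userInfoURL` changes the key the value is stored under, so an instance that already saved a userinfo URL under the old name will presumably come up with it empty after upgrade; a sentence in the commit description, or a fallback in the strategy that also reads the old key, would avoid a silent login failure. `emailClaim: String` is kept without a default even though the strategy now builds its lookup path from it, so a blank value in the admin form yields a user without an email; if the definition schema supports defaults, `email` would match the `email` scope requested just above. `usernameClaim` is dropped from `props` but may still exist in stored configs, which is harmless only if unknown keys are ignored on load.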