feat: fix + enable OIDC auth method (#2282)

* fix: pass userinfo URL in oidc strategy

The userinfo URL from the definition was not being provided to the
passport strategy, which resulted in a type error trying to resolve the
user's profile. Furthermore, the name of the defined URL was
inconsistent with all other authentication method URLs.

* fix: pass all necessary scopes to oidc auth method

When no scopes are provided, passport-openidconnect uses only `openid`,
which does not contain the username or email address. Include `profile`
and `email` to ensure the necessary claims are included.

* fix: update oidc method to call processProfile correctly

Now the profile object and providerKey are passed to processProfile. The
usernameClaim no longer has any use as the email address is the
username.

* fix: mark oidc authentication method as available
Dan Nicholson 2020-08-15 11:32:58 -06:00 committed by GitHub
parent 95b6a7ad82
commit d5d368cd33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 13 deletions


@ -17,18 +17,21 @@ module.exports = {
clientID: conf.clientId,
clientSecret: conf.clientSecret,
issuer: conf.issuer,
userInfoURL: conf.userInfoURL,
callbackURL: conf.callbackURL
}, (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) => {
WIKI.models.users.processProfile({
id: jwtClaims.sub,
provider: 'oidc',
email: _.get(jwtClaims, conf.emailClaim),
name: _.get(jwtClaims, conf.usernameClaim)
}).then((user) => {
return cb(null, user) || true
}).catch((err) => {
return cb(err, null) || true
}, async (iss, sub, profile, cb) => {
try {
const user = await WIKI.models.users.processProfile({
profile: {
...profile,
email: _.get(profile, '_json.' + conf.emailClaim)
},
providerKey: 'oidc'
})
cb(null, user)
} catch(err) {
cb(err, null)
}
})
)
}
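Review bot: the email resolved from `_json` is handed to processProfile without checking that it exists, and since the commit message makes the email address the username, an absent or misconfigured `emailClaim` produces `email: undefined` and an account with no usable identity. Guard before the call, e.g. `const email = _.get(profile, '_json.' + conf.emailClaim)` followed by `if (!email) return cb(new Error('OIDC profile has no email claim'), null)`. Because the email is also the account key, it is worth checking the provider's `email_verified` claim (where the provider returns one) before linking, otherwise an IdP that allows unverified addresses lets a user take over an existing wiki account by registering the same email. Note also that the old callback used `jwtClaims.sub` as `id` while the new one relies on whatever `...profile` carries; confirm processProfile still receives the subject identifier and say so in a comment, so the change of identifier is visibly deliberate.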


@ -5,13 +5,17 @@ author: requarks.io
logo: https://static.requarks.io/logo/oidc.svg
color: blue-grey darken-2
website: http://openid.net/connect/
isAvailable: true
useForm: false
scopes:
- openid
- profile
- email
props:
clientId: String
clientSecret: String
authorizationURL: String
tokenURL: String
issuer: String
userInfoUrl: String
userInfoURL: String
emailClaim: String
usernameClaim: String
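Review bot: renaming `userInfoUrl` to `userInfoURL` in the definition changes the stored config key, so an instance that already saved an OIDC configuration under the old name keeps the value under `userInfoUrl` and the strategy again receives `conf.userInfoURL` as undefined, the same failure the first commit fixes. Add a config migration or read the old key as a fallback until it is migrated. `usernameClaim: String` is also still listed under `props` although the commit message says it no longer has any use; drop it or mark it deprecated so administrators are not asked for a value that is ignored.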