wikijs-fork/server/modules/authentication/oidc/authentication.js
Dan Nicholson d5d368cd33
feat: fix + enable OIDC auth method (#2282)
* fix: pass userinfo URL in oidc strategy

The userinfo URL from the definition was not being provided to the
passport strategy, which resulted in a type error trying to resolve the
user's profile. Furthermore, the name of the defined URL was
inconsistent with all other authentication method URLs.

* fix: pass all necessary scopes to oidc auth method

When no scopes are provided, passport-openidconnect uses only `openid`,
which does not contain the username or email address. Include `profile`
and `email` to ensure the necessary claims are included.

* fix: update oidc method to call processProfile correctly

Now the profile object and providerKey are passed to processProfile. The
usernameClaim no longer has any use as the email address is the
username.

* fix: mark oidc authentication method as available
2020-08-15 13:32:58 -04:00

39 lines
993 B
JavaScript

const _ = require('lodash')
/* global WIKI */
// ------------------------------------
// OpenID Connect Account
// ------------------------------------
const OpenIDConnectStrategy = require('passport-openidconnect').Strategy
module.exports = {
init (passport, conf) {
passport.use('oidc',
new OpenIDConnectStrategy({
authorizationURL: conf.authorizationURL,
tokenURL: conf.tokenURL,
clientID: conf.clientId,
clientSecret: conf.clientSecret,
issuer: conf.issuer,
userInfoURL: conf.userInfoURL,
callbackURL: conf.callbackURL
}, async (iss, sub, profile, cb) => {
try {
const user = await WIKI.models.users.processProfile({
profile: {
...profile,
email: _.get(profile, '_json.' + conf.emailClaim)
},
providerKey: 'oidc'
})
cb(null, user)
} catch(err) {
cb(err, null)
}
})
)
}
}