d5d368cd33
* fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available
39 lines
993 B
JavaScript
39 lines
993 B
JavaScript
const _ = require('lodash')
|
|
|
|
/* global WIKI */
|
|
|
|
// ------------------------------------
|
|
// OpenID Connect Account
|
|
// ------------------------------------
|
|
|
|
const OpenIDConnectStrategy = require('passport-openidconnect').Strategy
|
|
|
|
module.exports = {
|
|
init (passport, conf) {
|
|
passport.use('oidc',
|
|
new OpenIDConnectStrategy({
|
|
authorizationURL: conf.authorizationURL,
|
|
tokenURL: conf.tokenURL,
|
|
clientID: conf.clientId,
|
|
clientSecret: conf.clientSecret,
|
|
issuer: conf.issuer,
|
|
userInfoURL: conf.userInfoURL,
|
|
callbackURL: conf.callbackURL
|
|
}, async (iss, sub, profile, cb) => {
|
|
try {
|
|
const user = await WIKI.models.users.processProfile({
|
|
profile: {
|
|
...profile,
|
|
email: _.get(profile, '_json.' + conf.emailClaim)
|
|
},
|
|
providerKey: 'oidc'
|
|
})
|
|
cb(null, user)
|
|
} catch(err) {
|
|
cb(err, null)
|
|
}
|
|
})
|
|
)
|
|
}
|
|
}
|