Browse Source
Allow `preferred_username` as username source for OIDC (#30454)
This PR adds the preferred_username claim as a possible username source for the oauth2_client. Closes #21518tags/v1.22.0-rc1
SimonErm
2 weeks ago
4 changed files with 15 additions and 4 deletions
+ 2
- 1
custom/conf/app.example.ini
View File
| @@ -1553,8 +1553,9 @@ LEVEL = Info | |||
| ;; The source of the username for new oauth2 accounts: | |||
| ;; userid = use the userid / sub attribute | |||
| ;; nickname = use the nickname attribute | |||
| ;; preferred_username = use the preferred_username attribute | |||
| ;; email = use the username part of the email attribute | |||
| ;; Note: `nickname` and `email` options will normalize input strings using the following criteria: | |||
| ;; Note: `nickname`, `preferred_username` and `email` options will normalize input strings using the following criteria: | |||
| ;; - diacritics are removed | |||
| ;; - the characters in the set `['´\x60]` are removed | |||
| ;; - the characters in the set `[\s~+]` are replaced with `-` | |||
+ 3
- 2
docs/content/administration/config-cheat-sheet.en-us.md
View File
| @@ -608,9 +608,10 @@ And the following unique queues: | |||
| - `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users. | |||
| - `USERNAME`: **nickname**: The source of the username for new oauth2 accounts: | |||
| - `userid` - use the userid / sub attribute | |||
| - `nickname` - use the nickname attribute | |||
| - `nickname` - use the nickname | |||
| - `preferred_username` - use the preferred_username | |||
| - `email` - use the username part of the email attribute | |||
| - Note: `nickname` and `email` options will normalize input strings using the following criteria: | |||
| - Note: `nickname`, `preferred_username` and `email` options will normalize input strings using the following criteria: | |||
| - diacritics are removed | |||
| - the characters in the set `['´\x60]` are removed | |||
| - the characters in the set `[\s~+]` are replaced with `-` | |||
+ 3
- 1
modules/setting/oauth2.go
View File
| @@ -22,11 +22,13 @@ const ( | |||
| OAuth2UsernameNickname OAuth2UsernameType = "nickname" | |||
| // OAuth2UsernameEmail username of oauth2 email field will be used as gitea name | |||
| OAuth2UsernameEmail OAuth2UsernameType = "email" | |||
| // OAuth2UsernameEmail username of oauth2 preferred_username field will be used as gitea name | |||
| OAuth2UsernamePreferredUsername OAuth2UsernameType = "preferred_username" | |||
| ) | |||
| func (username OAuth2UsernameType) isValid() bool { | |||
| switch username { | |||
| case OAuth2UsernameUserid, OAuth2UsernameNickname, OAuth2UsernameEmail: | |||
| case OAuth2UsernameUserid, OAuth2UsernameNickname, OAuth2UsernameEmail, OAuth2UsernamePreferredUsername: | |||
| return true | |||
| } | |||
| return false | |||
+ 7
- 0
routers/web/auth/auth.go
View File
| @@ -386,6 +386,13 @@ func getUserName(gothUser *goth.User) (string, error) { | |||
| switch setting.OAuth2Client.Username { | |||
| case setting.OAuth2UsernameEmail: | |||
| return user_model.NormalizeUserName(strings.Split(gothUser.Email, "@")[0]) | |||
| case setting.OAuth2UsernamePreferredUsername: | |||
| preferredUsername, exists := gothUser.RawData["preferred_username"] | |||
| if exists { | |||
| return user_model.NormalizeUserName(preferredUsername.(string)) | |||
| } else { | |||
| return "", fmt.Errorf("preferred_username is missing in received user data but configured as username source for user_id %q. Check if OPENID_CONNECT_SCOPES contains profile", gothUser.UserID) | |||
| } | |||
| case setting.OAuth2UsernameNickname: | |||
| return user_model.NormalizeUserName(gothUser.NickName) | |||
| default: // OAuth2UsernameUserid | |||
Loading…