feat: allow configurable username claim field in OIDC (#5507)
Co-authored-by: Colin Adler <colin1adler@gmail.com>
parent
8968a00035
commit
de0601d611
|
@ -248,6 +248,12 @@ func newConfig() *codersdk.DeploymentConfig {
|
|||
Flag: "oidc-ignore-email-verified",
|
||||
Default: false,
|
||||
},
|
||||
UsernameField: &codersdk.DeploymentConfigField[string]{
|
||||
Name: "OIDC Username Field",
|
||||
Usage: "OIDC claim field to use as the username.",
|
||||
Flag: "oidc-username-field",
|
||||
Default: "preferred_username",
|
||||
},
|
||||
},
|
||||
|
||||
Telemetry: &codersdk.TelemetryConfig{
|
||||
|
|
|
@ -526,8 +526,9 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
|
|||
Verifier: oidcProvider.Verifier(&oidc.Config{
|
||||
ClientID: cfg.OIDC.ClientID.Value,
|
||||
}),
|
||||
EmailDomain: cfg.OIDC.EmailDomain.Value,
|
||||
AllowSignups: cfg.OIDC.AllowSignups.Value,
|
||||
EmailDomain: cfg.OIDC.EmailDomain.Value,
|
||||
AllowSignups: cfg.OIDC.AllowSignups.Value,
|
||||
UsernameField: cfg.OIDC.UsernameField.Value,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -112,6 +112,9 @@ Flags:
|
|||
OIDC.
|
||||
Consumes $CODER_OIDC_SCOPES (default
|
||||
[openid,profile,email])
|
||||
--oidc-username-field string OIDC claim field to use as the username.
|
||||
Consumes $CODER_OIDC_USERNAME_FIELD
|
||||
(default "preferred_username")
|
||||
--postgres-url string URL of a PostgreSQL database. If empty,
|
||||
PostgreSQL binaries will be downloaded
|
||||
from Maven
|
||||
|
|
|
@ -1975,6 +1975,9 @@ const docTemplate = `{
|
|||
},
|
||||
"scopes": {
|
||||
"$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
|
||||
},
|
||||
"username_field": {
|
||||
"$ref": "#/definitions/codersdk.DeploymentConfigField-string"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -1795,6 +1795,9 @@
|
|||
},
|
||||
"scopes": {
|
||||
"$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
|
||||
},
|
||||
"username_field": {
|
||||
"$ref": "#/definitions/codersdk.DeploymentConfigField-string"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -880,6 +880,7 @@ func (o *OIDCConfig) OIDCConfig() *coderd.OIDCConfig {
|
|||
}, &oidc.Config{
|
||||
SkipClientIDCheck: true,
|
||||
}),
|
||||
UsernameField: "preferred_username",
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -198,6 +198,9 @@ type OIDCConfig struct {
|
|||
// IgnoreEmailVerified allows ignoring the email_verified claim
|
||||
// from an upstream OIDC provider. See #5065 for context.
|
||||
IgnoreEmailVerified bool
|
||||
// UsernameField selects the claim field to be used as the created user's
|
||||
// username.
|
||||
UsernameField string
|
||||
}
|
||||
|
||||
func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
|
||||
|
@ -236,7 +239,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
|
|||
})
|
||||
return
|
||||
}
|
||||
usernameRaw, ok := claims["preferred_username"]
|
||||
usernameRaw, ok := claims[api.OIDCConfig.UsernameField]
|
||||
var username string
|
||||
if ok {
|
||||
username, _ = usernameRaw.(string)
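Review bot: An empty `UsernameField` turns the new lookup `claims[api.OIDCConfig.UsernameField]` into `claims[""]`, which never matches, so any caller that constructs `coderd.OIDCConfig` without passing through the CLI default silently loses the username (the coderdtest hunk had to set `"preferred_username"` by hand, which suggests the gap). Now that the claim name is operator-supplied, a typo in the flag or a claim whose value is not a string degrades just as silently, because the existing `username, _ = usernameRaw.(string)` discards the type-assertion result. Consider resolving the field once with a fallback, `field := api.OIDCConfig.UsernameField; if field == "" { field = "preferred_username" }`, using `field` in the lookup, and logging at debug level when the configured claim is missing or not a string so a misconfiguration is visible. userOIDC continues outside the hunk, so whatever handling applies to an empty username afterwards is not visible here; the fallback default could also be stated in the `UsernameField` doc comment of the earlier struct hunk.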
|
||||
|
|
|
@ -99,6 +99,7 @@ type OIDCConfig struct {
|
|||
IssuerURL *DeploymentConfigField[string] `json:"issuer_url" typescript:",notnull"`
|
||||
Scopes *DeploymentConfigField[[]string] `json:"scopes" typescript:",notnull"`
|
||||
IgnoreEmailVerified *DeploymentConfigField[bool] `json:"ignore_email_verified" typescript:",notnull"`
|
||||
UsernameField *DeploymentConfigField[string] `json:"username_field" typescript:",notnull"`
|
||||
}
|
||||
|
||||
type TelemetryConfig struct {
|
||||
|
|
|
@ -535,6 +535,17 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
|
|||
"shorthand": "string",
|
||||
"usage": "string",
|
||||
"value": "string"
|
||||
},
|
||||
"username_field": {
|
||||
"default": "string",
|
||||
"enterprise": true,
|
||||
"flag": "string",
|
||||
"hidden": true,
|
||||
"name": "string",
|
||||
"secret": true,
|
||||
"shorthand": "string",
|
||||
"usage": "string",
|
||||
"value": "string"
|
||||
}
|
||||
},
|
||||
"pg_connection_url": {
|
||||
|
|
|
@ -1119,6 +1119,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
|
|||
"shorthand": "string",
|
||||
"usage": "string",
|
||||
"value": "string"
|
||||
},
|
||||
"username_field": {
|
||||
"default": "string",
|
||||
"enterprise": true,
|
||||
"flag": "string",
|
||||
"hidden": true,
|
||||
"name": "string",
|
||||
"secret": true,
|
||||
"shorthand": "string",
|
||||
"usage": "string",
|
||||
"value": "string"
|
||||
}
|
||||
},
|
||||
"pg_connection_url": {
|
||||
|
@ -2072,6 +2083,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
|
|||
"shorthand": "string",
|
||||
"usage": "string",
|
||||
"value": "string"
|
||||
},
|
||||
"username_field": {
|
||||
"default": "string",
|
||||
"enterprise": true,
|
||||
"flag": "string",
|
||||
"hidden": true,
|
||||
"name": "string",
|
||||
"secret": true,
|
||||
"shorthand": "string",
|
||||
"usage": "string",
|
||||
"value": "string"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
@ -2087,6 +2109,7 @@ CreateParameterRequest is a structure used to create a new parameter value for a
|
|||
| `ignore_email_verified` | [codersdk.DeploymentConfigField-bool](#codersdkdeploymentconfigfield-bool) | false | | |
|
||||
| `issuer_url` | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string) | false | | |
|
||||
| `scopes` | [codersdk.DeploymentConfigField-array_string](#codersdkdeploymentconfigfield-array_string) | false | | |
|
||||
| `username_field` | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string) | false | | |
|
||||
|
||||
## codersdk.Parameter
|
||||
|
||||
|
|
|
@ -452,6 +452,7 @@ export interface OIDCConfig {
|
|||
readonly issuer_url: DeploymentConfigField<string>
|
||||
readonly scopes: DeploymentConfigField<string[]>
|
||||
readonly ignore_email_verified: DeploymentConfigField<boolean>
|
||||
readonly username_field: DeploymentConfigField<string>
|
||||
}
|
||||
|
||||
// From codersdk/organizations.go
|
||||
|
|