selfhosted
/
coder
mirror of https://github.com/coder/coder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

feat: allow configurable username claim field in OIDC (#5507) 

Co-authored-by: Colin Adler <colin1adler@gmail.com>
This commit is contained in:
Jan Losinski 2023-01-04 22:16:31 +01:00 committed by GitHub
parent 8968a00035
commit de0601d611
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 59 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cli/deployment/config.go
View File

@ -248,6 +248,12 @@ func newConfig() *codersdk.DeploymentConfig {
Flag: "oidc-ignore-email-verified",
Default: false,
},
UsernameField: &codersdk.DeploymentConfigField[string]{
Name: "OIDC Username Field",
Usage: "OIDC claim field to use as the username.",
Flag: "oidc-username-field",
Default: "preferred_username",
},
},
Telemetry: &codersdk.TelemetryConfig{

5
cli/server.go
View File

@ -526,8 +526,9 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
Verifier: oidcProvider.Verifier(&oidc.Config{
ClientID: cfg.OIDC.ClientID.Value,
}),
EmailDomain: cfg.OIDC.EmailDomain.Value,
AllowSignups: cfg.OIDC.AllowSignups.Value,
EmailDomain: cfg.OIDC.EmailDomain.Value,
AllowSignups: cfg.OIDC.AllowSignups.Value,
UsernameField: cfg.OIDC.UsernameField.Value,
}
}

3
cli/testdata/coder_server_--help.golden vendored
View File

@ -112,6 +112,9 @@ Flags:
OIDC.
Consumes $CODER_OIDC_SCOPES (default
[openid,profile,email])
--oidc-username-field string OIDC claim field to use as the username.
Consumes $CODER_OIDC_USERNAME_FIELD
(default "preferred_username")
--postgres-url string URL of a PostgreSQL database. If empty,
PostgreSQL binaries will be downloaded
from Maven

3
coderd/apidoc/docs.go
View File

@ -1975,6 +1975,9 @@ const docTemplate = `{
},
"scopes": {
"$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
},
"username_field": {
"$ref": "#/definitions/codersdk.DeploymentConfigField-string"
}
}
},

3
coderd/apidoc/swagger.json
View File

@ -1795,6 +1795,9 @@
},
"scopes": {
"$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
},
"username_field": {
"$ref": "#/definitions/codersdk.DeploymentConfigField-string"
}
}
},

1
coderd/coderdtest/coderdtest.go
View File

@ -880,6 +880,7 @@ func (o *OIDCConfig) OIDCConfig() *coderd.OIDCConfig {
}, &oidc.Config{
SkipClientIDCheck: true,
}),
UsernameField: "preferred_username",
}
}

5
coderd/userauth.go
View File

@ -198,6 +198,9 @@ type OIDCConfig struct {
// IgnoreEmailVerified allows ignoring the email_verified claim
// from an upstream OIDC provider. See #5065 for context.
IgnoreEmailVerified bool
// UsernameField selects the claim field to be used as the created user's
// username.
UsernameField string
}
func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
@ -236,7 +239,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
})
return
}
usernameRaw, ok := claims["preferred_username"]
usernameRaw, ok := claims[api.OIDCConfig.UsernameField]
var username string
if ok {
username, _ = usernameRaw.(string)

1
codersdk/deploymentconfig.go
View File

@ -99,6 +99,7 @@ type OIDCConfig struct {
IssuerURL *DeploymentConfigField[string] `json:"issuer_url" typescript:",notnull"`
Scopes *DeploymentConfigField[[]string] `json:"scopes" typescript:",notnull"`
IgnoreEmailVerified *DeploymentConfigField[bool] `json:"ignore_email_verified" typescript:",notnull"`
UsernameField *DeploymentConfigField[string] `json:"username_field" typescript:",notnull"`
}
type TelemetryConfig struct {

11
docs/api/general.md
View File

@ -535,6 +535,17 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
"shorthand": "string",
"usage": "string",
"value": "string"
},
"username_field": {
"default": "string",
"enterprise": true,
"flag": "string",
"hidden": true,
"name": "string",
"secret": true,
"shorthand": "string",
"usage": "string",
"value": "string"
}
},
"pg_connection_url": {

23
docs/api/schemas.md
View File

@ -1119,6 +1119,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
"shorthand": "string",
"usage": "string",
"value": "string"
},
"username_field": {
"default": "string",
"enterprise": true,
"flag": "string",
"hidden": true,
"name": "string",
"secret": true,
"shorthand": "string",
"usage": "string",
"value": "string"
}
},
"pg_connection_url": {
@ -2072,6 +2083,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
"shorthand": "string",
"usage": "string",
"value": "string"
},
"username_field": {
"default": "string",
"enterprise": true,
"flag": "string",
"hidden": true,
"name": "string",
"secret": true,
"shorthand": "string",
"usage": "string",
"value": "string"
}
}
```
@ -2087,6 +2109,7 @@ CreateParameterRequest is a structure used to create a new parameter value for a
| `ignore_email_verified` | [codersdk.DeploymentConfigField-bool](#codersdkdeploymentconfigfield-bool) | false | | |
| `issuer_url` | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string) | false | | |
| `scopes` | [codersdk.DeploymentConfigField-array_string](#codersdkdeploymentconfigfield-array_string) | false | | |
| `username_field` | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string) | false | | |
## codersdk.Parameter

1
site/src/api/typesGenerated.ts
View File

@ -452,6 +452,7 @@ export interface OIDCConfig {
readonly issuer_url: DeploymentConfigField<string>
readonly scopes: DeploymentConfigField<string[]>
readonly ignore_email_verified: DeploymentConfigField<boolean>
readonly username_field: DeploymentConfigField<string>
}
// From codersdk/organizations.go