OIDC: add profile and email scope to OAuth2 config

Fixes #728 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-22 10:20:14 +01:00 · 2022-02-22 10:20:14 +01:00 · 670018f05e
commit 670018f05e
parent 8bbf54d2b6
2 changed files with 11 additions and 2 deletions
--- a/httpd/oidc.go
+++ b/httpd/oidc.go
@ -137,7 +137,7 @@ func (o *OIDC) initialize() error {
 		ClientSecret: o.ClientSecret,
 		Endpoint:     o.provider.Endpoint(),
 		RedirectURL:  o.getRedirectURL(),
-		Scopes:       []string{oidc.ScopeOpenID},
+		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
 	}

 	return nil
@ -175,8 +175,17 @@ type oidcToken struct {
 }

 func (t *oidcToken) parseClaims(claims map[string]interface{}, usernameField, roleField string) error {
+	getClaimsFields := func() []string {
+		keys := make([]string, 0, len(claims))
+		for k := range claims {
+			keys = append(keys, k)
+		}
+		return keys
+	}
+
 	username, ok := claims[usernameField].(string)
 	if !ok || username == "" {
+		logger.Warn(logSender, "", "username field %#v not found, claims fields: %+v", usernameField, getClaimsFields())
 		return errors.New("no username field")
 	}
 	t.Username = username
--- a/httpd/oidc_test.go
+++ b/httpd/oidc_test.go
@ -261,7 +261,7 @@ func TestOIDCLoginLogout(t *testing.T) {
 		Nonce:  authReq.Nonce,
 		Expiry: time.Now().Add(5 * time.Minute),
 	}
-	setIDTokenClaims(idToken, []byte(`{}`))
+	setIDTokenClaims(idToken, []byte(`{"aud": "my_client_id"}`))
 	server.binding.OIDC.verifier = &mockOIDCVerifier{
 		err:   nil,
 		token: idToken,