Remove hard-coded loadUserInfo to make it configurable #2167

Merged: 2 commits, Nov 13, 2020

@Tiiinky (Contributor) commented Nov 13, 2020

Hello @dannyrb,

I have removed the hard-coded loadUserInfo: true, when creating the UserManager. This flag causes an additional call to the userinfo endpoint as described in the oidc-client documents:

loadUserInfo (boolean, default: true): Flag to control if additional identity data is loaded from the user info endpoint in order to populate the user's profile.

With AzureAD this call can cause a 401 as described in this ticket: IdentityModel/oidc-client-js#1028
By hard-coding this to true, it is not possible to work around this issue. (If not configured this value is true by default anyway, which makes this even more useless)

Without this line of code it is now possible to disable the loadUserInfo and therefore make the oidc authentication with AzureAD work.
Example config:

window.config = {
  // default: '/'
  routerBasename: '/',
  whiteLabelling: {},
  extensions: [],
  showStudyList: true,
  filterQueryParam: false,
  servers: {
    dicomWeb: [
      {
        name: 'PACS',
        wadoUriRoot: "https://${root_uri}/wado",
        qidoRoot: "https://${root_uri}/dicom-web",
        wadoRoot: "https://${root_uri}/dicom-web",
        qidoSupportsIncludeField: true,
        imageRendering: 'wadouri',
        thumbnailRendering: 'wadouri',
        enableStudyLazyLoad: true,
      },
    ],
  },
  oidc: [
    {
      authority: 'https://login.microsoftonline.com/${tenant_id}',
      client_id: '${client_id}',
      redirect_uri: '/callback',
      response_type: 'code',
      loadUserInfo: false,
      scope: 'openid profile email ${resource_id}/.default',
      post_logout_redirect_uri: '/logout-redirect.html',
      metadata: {
        issuer: 'https://login.microsoftonline.com/${tenant_id}/v2.0',
        authorization_endpoint: 'https://login.microsoftonline.com/${tenant_id}/oauth2/v2.0/authorize',
        token_endpoint: 'https://login.microsoftonline.com/${tenant_id}/oauth2/v2.0/token',
        userinfo_endpoint: 'https://graph.microsoft.com/oidc/userinfo',
        jwks_uri: 'https://login.microsoftonline.com/${tenant_id}/discovery/v2.0/keys',
      },
      signingKeys: ${signingKeys},
    },
  ],
  cornerstoneExtensionConfig: {}
}
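
The configurability described in this comment, as an added example that is not part of the original pull request or of OHIF's or oidc-client's code: site settings are merged over defaults so an explicit `loadUserInfo: false` is kept, and a small audit lists settings worth reviewing. The names `buildUserManagerSettings`, `auditOidcSettings`, `hostOf` and the tenant placeholder are hypothetical.

```javascript
// Added example. Helper names and the tenant value are hypothetical,
// not taken from OHIF or oidc-client.
const DEFAULTS = { loadUserInfo: true, response_type: 'code' };

// Site config is spread last, so an explicit `loadUserInfo: false` survives.
// Any literal `loadUserInfo: true` applied after the site config would
// silently win. Keys set to undefined are dropped so they cannot erase a default.
function buildUserManagerSettings(siteOidc) {
  const explicit = Object.fromEntries(
    Object.entries(siteOidc).filter(([, v]) => v !== undefined)
  );
  return { ...DEFAULTS, ...explicit };
}

const hostOf = (u) => { try { return new URL(u).host; } catch { return null; } };

// Review findings for one merged oidc entry (empty array: nothing flagged).
function auditOidcSettings(s) {
  const findings = [];
  const meta = s.metadata || {};
  for (const [key, value] of Object.entries(meta)) {
    if (/_(endpoint|uri)$/.test(key) && !String(value).startsWith('https://')) {
      findings.push(`${key} is not https`);
    }
  }
  if (s.response_type !== 'code') findings.push('response_type is not "code"');
  if (!String(s.scope || '').split(/\s+/).includes('openid')) findings.push('scope lacks "openid"');
  const [uHost, iHost] = [hostOf(meta.userinfo_endpoint), hostOf(meta.issuer)];
  if (s.loadUserInfo && uHost && iHost && uHost !== iHost) {
    findings.push('userinfo_endpoint host differs from issuer host: confirm it accepts this access token');
  }
  return findings;
}

// Constructed sample modelled on the config in the comment above.
const TENANT = 'https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER';
const SAMPLE = {
  authority: TENANT,
  response_type: 'code',
  loadUserInfo: false,
  scope: 'openid profile email',
  metadata: {
    issuer: `${TENANT}/v2.0`,
    token_endpoint: `${TENANT}/oauth2/v2.0/token`,
    userinfo_endpoint: 'https://graph.microsoft.com/oidc/userinfo',
  },
};
console.log(auditOidcSettings(buildUserManagerSettings(SAMPLE)));
```
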

@swederik swederik merged commit 04ca32a into OHIF:master Nov 13, 2020
@swederik (Member)

LGTM! Thanks!

Punzo pushed a commit to Punzo/Viewers that referenced this pull request Dec 3, 2020
…igurable (OHIF#2167)

* removed hard-coded loadUserInfo

* undo styling

Co-authored-by: Daniel Schiffl <[email protected]>