Merge pull request #1545 from jacksontj/getUserInfo
Run getUserInfo prior to claim enforcement
bonifaido authored Oct 30, 2019
2 parents d5d3abc + 512cb31 commit f2590ee
Showing 1 changed file with 11 additions and 10 deletions.
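--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -213,6 +213,17 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 return identity, fmt.Errorf("oidc: failed to decode claims: %v", err)
 }
 
+// We immediately want to run getUserInfo if configured before we validate the claims
+if c.getUserInfo {
+userInfo, err := c.provider.UserInfo(r.Context(), oauth2.StaticTokenSource(token))
+if err != nil {
+return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
+}
+if err := userInfo.Claims(&claims); err != nil {
+return identity, fmt.Errorf("oidc: failed to decode userinfo claims: %v", err)
+}
+}
+
 userNameKey := "name"
 if c.userNameKey != "" {
 userNameKey = c.userNameKey
@@ -249,16 +260,6 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
 }
 }
 
-if c.getUserInfo {
-userInfo, err := c.provider.UserInfo(r.Context(), oauth2.StaticTokenSource(token))
-if err != nil {
-return identity, fmt.Errorf("oidc: error loading userinfo: %v", err)
-}
-if err := userInfo.Claims(&claims); err != nil {
-return identity, fmt.Errorf("oidc: failed to decode userinfo claims: %v", err)
-}
-}
-
 identity = connector.Identity{
 UserID: idToken.Subject,
 Username: name,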
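Review bot: The relocated `userInfo.Claims(&claims)` call in the first hunk now overwrites the ID-token claims before the username/email checks run, but nothing ties the userinfo response back to the ID token it is being merged with; a cheap guard after the UserInfo call is `if userInfo.Subject != idToken.Subject { return identity, fmt.Errorf("oidc: userinfo subject %q does not match id token subject %q", userInfo.Subject, idToken.Subject) }`, unless the provider library already performs that comparison, which is not visible here. The comment on the block should also state the merge semantics a reader needs: `// UserInfo claims are decoded into the same struct as the ID token claims, so fields present in the userinfo response take precedence and the checks below see the merged values.` Note that HandleCallback begins and ends outside these hunks, so the claim checks the move is meant to feed are not visible on this page.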
