From 16a4f911982c7291942d53fd208bab42b6100a6b Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin
Date: Fri, 21 Apr 2023 17:13:10 +0100
Subject: [PATCH] Set correct OIDC Google principal claim
---
 .../src/main/java/io/quarkus/oidc/runtime/OidcUtils.java | 3 +++
 .../io/quarkus/oidc/runtime/providers/KnownOidcProviders.java | 1 +
 .../src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java | 3 +++
 3 files changed, 7 insertions(+)
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
index 1141e45b6418f..bf5e70200cf6a 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
@@ -429,6 +429,9 @@ static OidcTenantConfig mergeTenantConfig(OidcTenantConfig tenant, OidcTenantCon
 if (tenant.token.issuer.isEmpty()) {
 tenant.token.issuer = provider.token.issuer;
 }
+ if (tenant.token.principalClaim.isEmpty()) {
+ tenant.token.principalClaim = provider.token.principalClaim;
+ }
 return tenant;
 }
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
index 6c94a35a37153..38909dfce8841 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
@@ -63,6 +63,7 @@ private static OidcTenantConfig google() {
 ret.setAuthServerUrl("https://accounts.google.com");
 ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
 ret.getAuthentication().setScopes(List.of("openid", "email", "profile"));
+ ret.getToken().setPrincipalClaim("name");
 return ret;
 }
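Review bot: In `mergeTenantConfig` (OidcUtils.java) the new fallback copies the provider's `principalClaim` whenever the tenant leaves it unset, regardless of whether the tenant has replaced the provider's scopes. A tenant that overrides `authentication.scopes` without `profile` would still inherit `name` from the Google defaults, and the ID token may then not carry that claim; how a missing principal claim is handled is not visible in this hunk, so that should be confirmed. At minimum I would add a comment above the new block, `// Explicit tenant setting wins; the provider default may rely on provider scopes (Google "name" needs "profile")`. The method body starts outside the hunk.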
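Review bot: `ret.getToken().setPrincipalClaim("name")` in `google()` makes the security principal a display name, which is neither unique nor stable: two Google accounts can share a name, and a user can change it. OpenID Connect Core treats only `iss` plus `sub` as a stable end-user identifier, so application code that keys authorization, ownership or audit records on the principal name would be relying on a value the user controls. If the display name is the intended default for readability, say so next to the setter, e.g. `// Display name only: not unique or stable; use the "sub" claim for authorization and record keys`; otherwise `sub` is the safer default. The body of `google()` starts outside the hunk.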
diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
index 37cc57d5294e9..e82bea9dd1368 100644
--- a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
+++ b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
@@ -195,6 +195,7 @@ public void testAcceptGoogleProperties() throws Exception {
 assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
 assertEquals(ApplicationType.WEB_APP, config.getApplicationType().get());
 assertEquals("https://accounts.google.com", config.getAuthServerUrl().get());
+ assertEquals("name", config.getToken().getPrincipalClaim().get());
 assertEquals(List.of("openid", "email", "profile"), config.authentication.scopes.get());
 }
@@ -206,12 +207,14 @@ public void testOverrideGoogleProperties() throws Exception {
 tenant.setApplicationType(ApplicationType.HYBRID);
 tenant.setAuthServerUrl("http://localhost/wiremock");
 tenant.authentication.setScopes(List.of("write"));
+ tenant.token.setPrincipalClaim("firstname");
 OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.GOOGLE));
 assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
 assertEquals(ApplicationType.HYBRID, config.getApplicationType().get());
 assertEquals("http://localhost/wiremock", config.getAuthServerUrl().get());
+ assertEquals("firstname", config.getToken().getPrincipalClaim().get());
 assertEquals(List.of("write"), config.authentication.scopes.get());
 }
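Review bot: `testOverrideGoogleProperties` overrides the scopes and the principal claim together, so the partial case is never exercised: a tenant that replaces the scopes but leaves `principalClaim` unset. A further test that sets only `tenant.authentication.setScopes(List.of("write"))` and asserts the merged `getPrincipalClaim()` would pin what the configuration looks like when the requested scopes may no longer yield a `name` claim. Both test bodies start outside their hunks.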