Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add preferred_username support (OIDC provider) #420

Merged
merged 6 commits into from
Mar 1, 2020
Merged

Add preferred_username support (OIDC provider) #420

merged 6 commits into from
Mar 1, 2020

Conversation

ffdybuster
Copy link
Contributor

Description

This PR adds a new claim, preferred_username. I added code for the OIDC provider to support it and tested it with dex (dexidp/dex#1566).

Motivation and Context

Since #282 doesn't look like it will get done anytime soon, and since I really need preferred_username, I created this PR to add this specific claim. I don't really know the other connectors next to OIDC (and can't test them), so I only added support in there. I don't think the PR will break any of the other providers (the claim is returned empty for them and thus the headers will not be added).

How Has This Been Tested?

I've build the docker container and ran it in our system for almost a day without problems. Our system uses dex via OIDC provider, and is used from Nginx via auth_request.

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.

@ffdybuster ffdybuster requested a review from a team February 27, 2020 08:47
JoelSpeed
JoelSpeed reviewed Feb 29, 2020
View reviewed changes
oauthproxy.go
@@ -350,6 +351,10 @@ func (p *OAuthProxy) redeemCode(host, code string) (s *sessionsapi.SessionState,
s.Email, err = p.provider.GetEmailAddress(s)
}

if s.PreferredUsername == "" {
s.PreferredUsername, err = p.provider.GetPreferredUsername(s)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error is currently unchecked, and, for most providers, will always error, can we add a check on this error similar to the one below for s.User

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure! I've added it in ae34f54.

@felixfontein
Copy link
Contributor

(Rebased to resolve conflicts.)

JoelSpeed
JoelSpeed approved these changes Mar 1, 2020
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks @ffdybuster

@JoelSpeed JoelSpeed merged commit d934309 into oauth2-proxy:master Mar 1, 2020
@ffdybuster ffdybuster deleted the add-preferred-username branch March 2, 2020 08:02
@ffdybuster
Copy link
Contributor Author

@JoelSpeed thanks a lot for reviewing and merging! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@felixfontein felixfontein felixfontein left review comments

@JoelSpeed JoelSpeed JoelSpeed approved these changes

@steakunderscore steakunderscore Awaiting requested review from steakunderscore

@loshz loshz Awaiting requested review from loshz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ffdybuster @felixfontein @JoelSpeed