From 8cda8924df2fc2bf3abc2a50bb703c39eecd1ee6 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Mon, 3 Jul 2023 10:43:35 +0200
Subject: [PATCH] :sparkles: Add the ability to select user info source using the PENPOT_OIDC_USER_INFO_SOURCE environment variable with two possible values: token and userinfo
---
 backend/src/app/auth/oidc.clj | 8 ++++++--
 backend/src/app/config.clj | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/backend/src/app/auth/oidc.clj b/backend/src/app/auth/oidc.clj
index 41e3c6355e..5330efc098 100644
--- a/backend/src/app/auth/oidc.clj
+++ b/backend/src/app/auth/oidc.clj
@@ -424,8 +424,12 @@
 code (get params :code)
 state (tokens/verify props {:token state :iss :oauth})
 tdata (fetch-access-token cfg code)
- info (or (get-user-info cfg tdata)
- (fetch-user-info cfg tdata))
+ info (case (cf/get :oidc-user-info-source)
+ :token (get-user-info cfg tdata)
+ :userinfo (fetch-user-info cfg tdata)
+ (or (get-user-info cfg tdata)
+ (fetch-user-info cfg tdata)))
+
 info (process-user-info provider tdata info)]
 (l/trace :hint "user info" :info info)
diff --git a/backend/src/app/config.clj b/backend/src/app/config.clj
index d2cfc2cfb8..ed98060d2b 100644
--- a/backend/src/app/config.clj
+++ b/backend/src/app/config.clj
@@ -146,6 +146,7 @@
 (s/def ::google-client-id ::us/string)
 (s/def ::google-client-secret ::us/string)
 (s/def ::oidc-client-id ::us/string)
+(s/def ::oidc-user-info-source ::us/keyword)
 (s/def ::oidc-client-secret ::us/string)
 (s/def ::oidc-base-uri ::us/string)
 (s/def ::oidc-token-uri ::us/string)
@@ -242,6 +243,7 @@
 ::google-client-secret
 ::oidc-client-id
 ::oidc-client-secret
+ ::oidc-user-info-source
 ::oidc-base-uri
 ::oidc-token-uri
 ::oidc-auth-uri
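Review bot: The default branch of the new `case` in oidc.clj treats any unrecognised value of `:oidc-user-info-source` the same as an unset one, so a mistyped PENPOT_OIDC_USER_INFO_SOURCE silently falls back to the old token-then-userinfo order instead of the source the operator meant to enforce. Because this setting decides which source of identity claims is used at login, unknown values are better rejected at startup; the spec added in the first config.clj hunk accepts any keyword and could be narrowed to something like `(s/def ::oidc-user-info-source (s/and ::us/keyword #{:token :userinfo}))`. With `:token` there is also no fallback any more, so `info` is presumably nil when `get-user-info` finds nothing and then reaches `process-user-info`; whether that case is handled cannot be seen here, since the enclosing `let` starts and ends outside the hunk.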