Possibility to configure an OpenID Connect provider on the instance level WIP (#128).

2024-04-17 16:35:26 +02:00
parent 8574ab581d
commit 3a5f27e751
7 changed files with 230 additions and 1 deletions
--- a/server/lib/routers/oidc.ts
+++ b/server/lib/routers/oidc.ts
@ -4,6 +4,7 @@ import type { OIDCAuthResult } from '../../../shared/lib/types'
 import { asyncMiddleware } from '../middlewares/async'
 import { ExternalAuthOIDC } from '../external-auth/oidc'
 import { ExternalAuthenticationError } from '../external-auth/error'
+import { ensureUser } from '../prosody/api/manage-users'

 /**
 * When using a popup for OIDC, writes the HTML/Javascript to close the popup
@ -65,7 +66,22 @@ async function initOIDCRouter (options: RegisterServerOptions): Promise<Router>
        }

        const externalAccountInfos = await oidc.validateAuthenticationProcess(req)
-        logger.info(JSON.stringify(externalAccountInfos)) // FIXME (normalize data type, process, ...)
+        logger.debug(JSON.stringify(
+          Object.assign(
+            {},
+            externalAccountInfos,
+            {
+              password: '**removed**' // removing the password from logs!
+            }
+          )
+        ))
+
+        // Now we create or update the user:
+        if (!await ensureUser(options, externalAccountInfos)) {
+          throw new ExternalAuthenticationError(
+            'Failing to create your account, please try again later or report this issue'
+          )
+        }

        res.send(popupResultHTML({
          ok: true,