matty/peertube-plugin-livechat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Possibility to configure an OpenID Connect provider on the instance

Browse Source 
level WIP (#128):

Small fixes, so it works with Google accounts.
This commit is contained in:
John Livingston 2024-04-18 10:23:52 +02:00
parent a4e42a11b9
commit c3d7102d4a
No known key found for this signature in database
GPG Key ID: B17B5640CE66CDBC
2 changed files with 35 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
server/lib/external-auth/oidc.ts
View File

@ -311,6 +311,8 @@ class ExternalAuthOIDC {
} }
const userInfo = await this.client.userinfo(accessToken) const userInfo = await this.client.userinfo(accessToken)
this.logger.debug('User info: ' + JSON.stringify(userInfo))
if (!userInfo) { if (!userInfo) {
throw new ExternalAuthenticationError('Can\'t retrieve userInfos') throw new ExternalAuthenticationError('Can\'t retrieve userInfos')
} }
@ -434,16 +436,39 @@ class ExternalAuthOIDC {
/** /**
* Get an attribute from the userInfos. * Get an attribute from the userInfos.
* @param userInfos userInfos returned by the remote OIDC Provider * @param userInfos userInfos returned by the remote OIDC Provider.
* @param field the field to get * @param normalizedFieldName the field to get (internal normalized name).
* @returns the value if present * @returns the value if present.
*/ */
private readUserInfoField (userInfos: UnknownObject, field: UserInfoField): string | undefined { private readUserInfoField (userInfos: UnknownObject, normalizedFieldName: UserInfoField): string | undefined {
// FIXME: do some attribute mapping? (add settings for that?) // FIXME: do some explicit attribute mapping? (add settings for that?)
if (!(field in userInfos)) { return undefined } // For now, we will try some standards field names.
if (typeof userInfos[field] !== 'string') { return undefined }
if (userInfos[field] === '') { return undefined } const guesses: string[] = [normalizedFieldName]
return userInfos[field] as string
// Note: see "Standard Claims" section https://openid.net/specs/openid-connect-core-1_0.html
switch (normalizedFieldName) {
case 'username':
guesses.push('sub') // unique identifier, see https://openid.net/specs/openid-connect-core-1_0.html
break
case 'last_name':
guesses.push('family_name')
break
case 'first_name':
guesses.push('given_name')
break
case 'nickname':
guesses.push('name')
break
}
for (const field of guesses) {
if (!(field in userInfos)) { continue }
if (typeof userInfos[field] !== 'string') { continue }
if (userInfos[field] === '') { continue }
return userInfos[field] as string
}
return undefined
} }
/** /**

2
server/lib/routers/oidc.ts
View File

@ -66,7 +66,7 @@ async function initOIDCRouter (options: RegisterServerOptions): Promise<Router>
} }
const externalAccountInfos = await oidc.validateAuthenticationProcess(req) const externalAccountInfos = await oidc.validateAuthenticationProcess(req)
logger.debug(JSON.stringify( logger.debug('external account infos: ' + JSON.stringify(
Object.assign( Object.assign(
{}, {},
externalAccountInfos, externalAccountInfos,