@cloudron/tegel 1.1.4 → 1.1.5
- package/package.json +1 -1
- package/src/oidc.js +14 -10
package/package.json
CHANGED
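--- a/package/src/oidc.js
+++ b/package/src/oidc.js
@@ -2,6 +2,7 @@ import * as client from 'openid-client';
 
 let clientConfig = null;
 let redirectUri = null;
+let clientScope = 'openid profile email';
 
 /**
 * Initialize the OIDC client by discovering the issuer
@@ -10,11 +11,14 @@ export async function initOIDC({
 issuer = process.env.CLOUDRON_OIDC_ISSUER,
 clientId = process.env.CLOUDRON_OIDC_CLIENT_ID,
 clientSecret = process.env.CLOUDRON_OIDC_CLIENT_SECRET,
-callbackUrl = (process.env.CLOUDRON_APP_ORIGIN || 'http://localhost:3000') + '/auth/callback'
+callbackUrl = (process.env.CLOUDRON_APP_ORIGIN || 'http://localhost:3000') + '/auth/callback',
+extraScope = '',
 }) {
 const issuerUrl = new URL(issuer);
 redirectUri = new URL(callbackUrl);
 
+clientScope = `${clientScope} ${extraScope}`;
+
 clientConfig = await client.discovery(
 issuerUrl,
 clientId,
@@ -40,7 +44,7 @@ export async function getAuthorizationUrl(req) {
 
 const parameters = {
 redirect_uri: redirectUri,
-scope:
+scope: clientScope,
 code_challenge: codeChallenge,
 code_challenge_method: 'S256',
 state
@@ -87,15 +91,15 @@ export async function handleCallback(req) {
 // Clean up session OIDC state
 delete req.session.oidc;
 
+// give common props a nicer name but otherwise return full userInfo as it may have other scopes
+userInfo.username = userInfo.sub;
+userInfo.username = userInfo.sub;
+userInfo.familyName = userInfo.family_name;
+userInfo.givenName = userInfo.given_name;
+userInfo.displayName = userInfo.name;
+
 return {
 tokens,
-user:
-username: userInfo.sub,
-email: userInfo.email,
-familyName: userInfo.family_name,
-givenName: userInfo.given_name,
-displayName: userInfo.name,
-picture: userInfo.picture
-}
+user: userInfo,
 };
 }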
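Review bot: In the handleCallback hunk, `user` is now the provider's userinfo object passed through unfiltered, so every claim the issuer returns (including any unlocked by `extraScope`) reaches callers instead of the six fields the old allowlist exposed. Callers that store `user` in the session or serialize it to the browser should select the fields they need, and the comment above the aliases could say so, e.g. `// user is the raw userinfo response plus camelCase aliases; pick fields before persisting or rendering`. The aliases are written onto `userInfo` in place, and `userInfo.username = userInfo.sub;` appears twice in a row, so one copy can go. In the initOIDC hunk the scope is appended to module-level state, so the default empty `extraScope` leaves a trailing space and a repeated initOIDC call would append the extra scope again; `clientScope = ['openid profile email', extraScope].filter(Boolean).join(' ');` avoids both. Both functions start outside their hunks, so this is judged from the visible lines only.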