Commit 881732fa authored by pascoual's avatar pascoual

Add: ignore_scopes QUIRKS, user_id+username claims

parent a520e78b
2 merge requests!20Add 'remember me' button,!13Add: ignore_scopes QUIRK
......@@ -36,7 +36,8 @@ class GenericOIDCApplication(base.OIDCApplication):
special_mappings = fields.SelectMultipleField(
_('Enabled special claim mappings'), choices=[
("mask_sub_uuid", _("Mask the profile uuid")),
("original_email", _("Return the actual user email"))
("original_email", _("Return the actual user email")),
("ignore_scopes", _("Return all claims independently of asked scopes"))
]
)
submit = fields.SubmitField(_('Submit'))
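Review bot: The label `Return all claims independently of asked scopes` does not tell the administrator which data the option affects. Judging from the `Client` hunk on this page, enabling it releases the profile claims and the email claim to a client that did not request the `profile` or `email` scope. A more explicit label, e.g. `_("Return profile and email claims even when the client did not request those scopes")`, would show the privacy impact at the point where the option is switched on. The `choices` list belongs to a field of `GenericOIDCApplication`, whose class body starts and ends outside the hunk.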
......
......@@ -125,14 +125,16 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
"""
special_mappings = self.service.config.get("special_mappings", [])
claims = dict()
if "profile" in scope:
if "profile" in scope or "ignore_scopes" in special_mappings:
claims.update(
sub=profile.username if "mask_sub_uuid" in special_mappings else profile.uuid,
name=profile.username,
preferred_username=profile.username,
login=profile.username
login=profile.username,
user_id=None if "mask_sub_uuid" in special_mappings else profile.uuid,
username=profile.username
)
if "email" in scope:
if "email" in scope or "ignore_scopes" in special_mappings:
user_email = profile.user.contact.get("email") if profile.user.contact else None
claims.update(
email=user_email if "original_email" in special_mappings else profile.email
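Review bot: The added `user_id=None if "mask_sub_uuid" in special_mappings else profile.uuid` emits a `user_id` key with a null value whenever masking is enabled, whereas OpenID Connect Core recommends omitting a claim that is not returned instead of sending it as null. Setting it conditionally after the `claims.update(...)` call avoids that, e.g. `if "mask_sub_uuid" not in special_mappings: claims["user_id"] = profile.uuid`. Separately, with `ignore_scopes` the `email` branch now runs for clients that never requested the `email` scope, so together with `original_email` the user's actual contact address is released without that scope being asked for. A comment such as `# QUIRK ignore_scopes: releases profile and email claims regardless of requested scope; enable only for trusted clients` above the first condition would record that this is intentional. The method starts above the hunk and the last `claims.update(` call continues below it.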
......