Pull e-mail from userinfo endpoint if OIDC token endpoint doesn't return it.

This commit is contained in:
Kailash Nadh 2024-10-23 15:09:05 +05:30
parent a37d414869
commit 25cdb7b18e


@ -73,6 +73,7 @@ type Auth struct {
cfg Config cfg Config
oauthCfg oauth2.Config oauthCfg oauth2.Config
verifier *oidc.IDTokenVerifier verifier *oidc.IDTokenVerifier
provider *oidc.Provider
sess *simplesessions.Manager sess *simplesessions.Manager
sessStore *postgres.Store sessStore *postgres.Store
cb *Callbacks cb *Callbacks
@ -92,9 +93,9 @@ func New(cfg Config, db *sql.DB, cb *Callbacks, lo *log.Logger) (*Auth, error) {
if cfg.OIDC.Enabled { if cfg.OIDC.Enabled {
provider, err := oidc.NewProvider(context.Background(), cfg.OIDC.ProviderURL) provider, err := oidc.NewProvider(context.Background(), cfg.OIDC.ProviderURL)
if err != nil { if err != nil {
cfg.OIDC.Enabled = false
lo.Printf("error initializing OIDC OAuth provider: %v", err) lo.Printf("error initializing OIDC OAuth provider: %v", err)
} else { } else {
a.verifier = provider.Verifier(&oidc.Config{ a.verifier = provider.Verifier(&oidc.Config{
ClientID: cfg.OIDC.ClientID, ClientID: cfg.OIDC.ClientID,
}) })
@ -106,6 +107,7 @@ func New(cfg Config, db *sql.DB, cb *Callbacks, lo *log.Logger) (*Auth, error) {
RedirectURL: cfg.OIDC.RedirectURL, RedirectURL: cfg.OIDC.RedirectURL,
Scopes: []string{oidc.ScopeOpenID, "profile", "email"}, Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
} }
a.provider = provider
} }
} }
@ -202,6 +204,19 @@ func (o *Auth) ExchangeOIDCToken(code, nonce string) (string, OIDCclaim, error)
return "", OIDCclaim{}, errors.New("error getting user from OIDC") return "", OIDCclaim{}, errors.New("error getting user from OIDC")
} }
// If claims doesn't have the e-mail, attempt to fetch it from the userinfo endpoint.
if claims.Email == "" {
userInfo, err := o.provider.UserInfo(context.TODO(), oauth2.StaticTokenSource(tk))
if err != nil {
return "", OIDCclaim{}, errors.New("error fetching user info from OIDC")
}
// Parse the UserInfo claims into the claims struct
if err := userInfo.Claims(&claims); err != nil {
return "", OIDCclaim{}, errors.New("error parsing user info claims")
}
}
return rawIDTk, claims, nil return rawIDTk, claims, nil
} }
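Review bot: `userInfo.Claims(&claims)` on the line after the userinfo fetch decodes the whole userinfo response over the struct already populated from the verified ID token, so any claim the userinfo endpoint returns (including `sub`) silently replaces the verified value, and nothing checks that the userinfo subject matches the ID token's subject as OIDC Core requires. Since this fallback only needs the e-mail, copy just that field — `claims.Email = userInfo.Email` — and reject the response when `userInfo.Subject` differs from the subject of the verified ID token (that variable is outside this hunk). The new branch also still returns success when the userinfo response carries no e-mail either; if callers rely on a non-empty e-mail, add `if claims.Email == "" { return "", OIDCclaim{}, errors.New("no e-mail in OIDC claims") }` after the block. Both new `errors.New` calls drop the underlying error, where `fmt.Errorf("fetching user info from OIDC: %w", err)` would keep it for diagnostics, and `context.TODO()` could carry a timeout since this is an outbound HTTP call. ExchangeOIDCToken starts outside the hunk.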