feat(oauth): add oidc username claim (#357)

* feat(oauth): add oidc username claim * style: remove undefined
2026-04-11 10:27:01 +02:00 · 2023-12-20 19:32:42 +08:00
parent f179189b59
commit 3ea52a24ef
4 changed files with 52 additions and 11 deletions
--- a/backend/src/oauth/provider/genericOidc.provider.ts
+++ b/backend/src/oauth/provider/genericOidc.provider.ts
@@ -108,6 +108,7 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
  async getUserInfo(
    token: OAuthToken<OidcToken>,
    query: OAuthCallbackDto,
+    claim?: string
  ): Promise<OAuthSignInDto> {
    const idTokenData = this.decodeIdToken(token.idToken);
    // maybe it's not necessary to verify the id token since it's directly obtained from the provider
@@ -122,11 +123,30 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
      throw new ErrorPageException("invalid_token");
    }

+    const username = claim
+      ? idTokenData[claim]
+      : idTokenData.name ||
+        idTokenData.nickname ||
+        idTokenData.preferred_username;
+
+    if (!username) {
+      this.logger.error(
+        `Can not get username from ID Token ${JSON.stringify(
+          idTokenData,
+          undefined,
+          2,
+        )}`,
+      );
+      throw new ErrorPageException("cannot_get_user_info", undefined, [
+        `provider_${this.name}`,
+      ]);
+    }
+
    return {
      provider: this.name as any,
      email: idTokenData.email,
      providerId: idTokenData.sub,
-      providerUsername: idTokenData.name,
+      providerUsername: username,
    };
  }

@@ -211,5 +231,7 @@ export interface OidcIdToken {
  iat: number;
  email: string;
  name: string;
+  nickname: string;
+  preferred_username: string;
  nonce: string;
 }
--- a/backend/src/oauth/provider/oidc.provider.ts
+++ b/backend/src/oauth/provider/oidc.provider.ts
@@ -1,9 +1,12 @@
-import { GenericOidcProvider } from "./genericOidc.provider";
+import { GenericOidcProvider, OidcToken } from "./genericOidc.provider";
 import { Inject, Injectable } from "@nestjs/common";
 import { ConfigService } from "../../config/config.service";
 import { JwtService } from "@nestjs/jwt";
 import { CACHE_MANAGER } from "@nestjs/cache-manager";
 import { Cache } from "cache-manager";
+import { OAuthCallbackDto } from "../dto/oauthCallback.dto";
+import { OAuthSignInDto } from "../dto/oauthSignIn.dto";
+import { OAuthToken } from "./oauthProvider.interface";

@Injectable()
 export class OidcProvider extends GenericOidcProvider {
@@ -24,4 +27,13 @@ export class OidcProvider extends GenericOidcProvider {
  protected getDiscoveryUri(): string {
    return this.config.get("oauth.oidc-discoveryUri");
  }
+
+  getUserInfo(
+    token: OAuthToken<OidcToken>,
+    query: OAuthCallbackDto,
+    _?: string,
+  ): Promise<OAuthSignInDto> {
+    const claim = this.config.get("oauth.oidc-usernameClaim") || undefined;
+    return super.getUserInfo(token, query, claim);
+  }
 }