feat(oauth): add oidc username claim (#357)

* feat(oauth): add oidc username claim * style: remove undefined
2026-04-17 12:43:13 +02:00 · 2023-12-20 19:32:42 +08:00
parent f179189b59
commit 3ea52a24ef
4 changed files with 52 additions and 11 deletions
--- a/backend/src/oauth/provider/genericOidc.provider.ts
+++ b/backend/src/oauth/provider/genericOidc.provider.ts
@@ -108,6 +108,7 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
  async getUserInfo(
    token: OAuthToken<OidcToken>,
    query: OAuthCallbackDto,
+    claim?: string
  ): Promise<OAuthSignInDto> {
    const idTokenData = this.decodeIdToken(token.idToken);
    // maybe it's not necessary to verify the id token since it's directly obtained from the provider
@@ -122,11 +123,30 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
      throw new ErrorPageException("invalid_token");
    }

+    const username = claim
+      ? idTokenData[claim]
+      : idTokenData.name ||
+        idTokenData.nickname ||
+        idTokenData.preferred_username;
+
+    if (!username) {
+      this.logger.error(
+        `Can not get username from ID Token ${JSON.stringify(
+          idTokenData,
+          undefined,
+          2,
+        )}`,
+      );
+      throw new ErrorPageException("cannot_get_user_info", undefined, [
+        `provider_${this.name}`,
+      ]);
+    }
+
    return {
      provider: this.name as any,
      email: idTokenData.email,
      providerId: idTokenData.sub,
-      providerUsername: idTokenData.name,
+      providerUsername: username,
    };
  }

@@ -211,5 +231,7 @@ export interface OidcIdToken {
  iat: number;
  email: string;
  name: string;
+  nickname: string;
+  preferred_username: string;
  nonce: string;
 }