feat: fix + enable OIDC auth method (#2282)

* fix: pass userinfo URL in oidc strategy The userinfo URL from the definition was not being provided to the passport strategy, which resulted in a type error trying to resolve the user's profile. Furthermore, the name of the defined URL was inconsistent with all other authentication method URLs. * fix: pass all necessary scopes to oidc auth method When no scopes are provided, passport-openidconnect uses only `openid`, which does not contain the username or email address. Include `profile` and `email` to ensure the necessary claims are included. * fix: update oidc method to call processProfile correctly Now the profile object and providerKey are passed to processProfile. The usernameClaim no longer has any use as the email address is the username. * fix: mark oidc authentication method as available

feat: fix + enable OIDC auth method (#2282)
d5d368cd · Dan Nicholson · GitHub · 95b6a7ad · d5d368cd · d5d368cd
Unverified Commit d5d368cd authored Aug 15, 2020 by Dan Nicholson Committed by GitHub Aug 15, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 13 deletions

authentication.js server/modules/authentication/oidc/authentication.js +14 -11

definition.yml server/modules/authentication/oidc/definition.yml +6 -2

No files found.
--- a/server/modules/authentication/oidc/authentication.js
+++ b/server/modules/authentication/oidc/authentication.js
@@ -17,18 +17,21 @@ module.exports = {
        clientID: conf.clientId,
        clientSecret: conf.clientSecret,
        issuer: conf.issuer,
+        userInfoURL: conf.userInfoURL,
        callbackURL: conf.callbackURL
-      }, (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) => {
-        WIKI.models.users.processProfile({
-          id: jwtClaims.sub,
-          provider: 'oidc',
-          email: _.get(jwtClaims, conf.emailClaim),
-          name: _.get(jwtClaims, conf.usernameClaim)
-        }).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
+      }, async (iss, sub, profile, cb) => {
+        try {
+          const user = await WIKI.models.users.processProfile({
+            profile: {
+              ...profile,
+              email: _.get(profile, '_json.' + conf.emailClaim)
+            },
+            providerKey: 'oidc'
+          })
+          cb(null, user)
+        } catch(err) {
+          cb(err, null)
+        }
      })
    )
  }

--- a/server/modules/authentication/oidc/definition.yml
+++ b/server/modules/authentication/oidc/definition.yml
@@ -5,13 +5,17 @@ author: requarks.io
 logo: https://static.requarks.io/logo/oidc.svg
 color: blue-grey darken-2
 website: http://openid.net/connect/
+isAvailable: true
 useForm: false
+scopes:
+  - openid
+  - profile
+  - email
 props:
  clientId: String
  clientSecret: String
  authorizationURL: String
  tokenURL: String
  issuer: String
-  userInfoUrl: String
+  userInfoURL: String
  emailClaim: String
-  usernameClaim: String