
Commit

feat(auth): make OIDC_USERNAME_CLAIM configurable
luytena committed Oct 11, 2024
1 parent 4264f66 commit be82b1e
Showing 3 changed files with 3 additions and 1 deletion.
1 change: 1 addition & 0 deletions CONFIGURATION.md
Expand Up @@ -54,6 +54,7 @@ supporting Open ID Connect. If not available, you might consider using
- `OIDC_USERINFO_ENDPOINT`: Url of userinfo endpoint as [described](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
- `OIDC_VERIFY_SSL`: Verify ssl certificate of oidc userinfo endpoint (default: True)
- `OIDC_GROUPS_CLAIM`: Name of claim to be used to define group membership (default: document_merge_service_groups)
- `OIDC_USERNAME_CLAIM`: Name of claim to be used to define user (default: sub)
- `OIDC_BEARER_TOKEN_REVALIDATION_TIME`: Time in seconds before bearer token validity is verified again. For best security token is validated on each request per default. It might be helpful though in case of slow Open ID Connect provider to cache it. It uses [cache](#cache) mechanism for memorizing userinfo result. Number has to be lower than access token expiration time. (default: 0)

## Permissions / Visibilities
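Review bot: the new `OIDC_USERNAME_CLAIM` entry should state the constraints on the chosen claim, since this value becomes the identity the service keys users on. Of the standard OIDC claims only `sub` is guaranteed to be unique within an issuer and never reassigned; `preferred_username` is explicitly not guaranteed unique by the spec, and `email` may be unverified or later reassigned to a different person, so pointing this setting at either can merge or swap user identities. Suggest extending the line with something like: `Must be a claim that is unique and stable for every user at your provider and present in the userinfo response; prefer the default sub unless you have verified this.`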
2 changes: 1 addition & 1 deletion document_merge_service/api/authentication.py
Expand Up @@ -28,7 +28,7 @@ def __str__(self):

class AuthenticatedUser(AnonymousUser):
def __init__(self, userinfo):
self.username = userinfo["sub"]
self.username = userinfo[settings.OIDC_USERNAME_CLAIM]
groups = []
if settings.OIDC_GROUPS_CLAIM:
groups = userinfo[settings.OIDC_GROUPS_CLAIM]
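Review bot: `userinfo[settings.OIDC_USERNAME_CLAIM]` raises a bare `KeyError` whenever the configured claim is absent from the userinfo response, for example when the requested scopes do not release it or the setting is mis-typed; with the previous hard-coded `sub` this could not happen because the spec requires `sub` in every userinfo response. Suggest failing closed with an explicit authentication failure instead of letting the request end in an unhandled exception, e.g. `username = userinfo.get(settings.OIDC_USERNAME_CLAIM)` followed by `if not username: raise <the project's authentication-failed exception>`, and only then assigning `self.username`. The same unchecked lookup exists on the following line for `userinfo[settings.OIDC_GROUPS_CLAIM]`, which would be worth handling in the same way.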
1 change: 1 addition & 0 deletions document_merge_service/settings.py
Expand Up @@ -209,6 +209,7 @@ def parse_admins(admins):
OIDC_USERINFO_ENDPOINT = env.str("OIDC_USERINFO_ENDPOINT", default=None)
OIDC_VERIFY_SSL = env.bool("OIDC_VERIFY_SSL", default=True)
OIDC_GROUPS_CLAIM = env.str("OIDC_GROUPS_CLAIM", default="")
OIDC_USERNAME_CLAIM = env.str("OIDC_USERNAME_CLAIM", default="sub")
OIDC_BEARER_TOKEN_REVALIDATION_TIME = env.int(
"OIDC_BEARER_TOKEN_REVALIDATION_TIME", default=0
)
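Review bot: the new setting is read without validation, and unlike `OIDC_GROUPS_CLAIM` (whose use is guarded by `if settings.OIDC_GROUPS_CLAIM:` in authentication.py) the username claim is used unconditionally, so an empty `OIDC_USERNAME_CLAIM=` in the environment produces `userinfo[""]` and breaks every authenticated request at runtime rather than at startup. Suggest rejecting an empty value here, e.g. `if not OIDC_USERNAME_CLAIM: raise ImproperlyConfigured("OIDC_USERNAME_CLAIM must not be empty")` (with `ImproperlyConfigured` imported from `django.core.exceptions`), so a misconfiguration is caught when the service boots.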

0 comments on commit be82b1e