From 881732fa42d0580a93970ebbecfc37ebd77afa35 Mon Sep 17 00:00:00 2001
From: prichier <pascoualito@gmail.com>
Date: Sat, 9 May 2020 00:59:51 +0200
Subject: [PATCH] Add: ignore_scopes QUIRKS, user_id+username claims
---
 hiboo/application/sso.py | 3 ++-
 hiboo/sso/oidc.py | 8 +++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/hiboo/application/sso.py b/hiboo/application/sso.py
index 9f7feebb..bc10bb8d 100644
--- a/hiboo/application/sso.py
+++ b/hiboo/application/sso.py
@@ -36,7 +36,8 @@ class GenericOIDCApplication(base.OIDCApplication):
 special_mappings = fields.SelectMultipleField(
 _('Enabled special claim mappings'), choices=[
 ("mask_sub_uuid", _("Mask the profile uuid")),
- ("original_email", _("Return the actual user email"))
+ ("original_email", _("Return the actual user email")),
+ ("ignore_scopes", _("Return all claims independently of asked scopes"))
 ]
 )
 submit = fields.SubmitField(_('Submit'))
diff --git a/hiboo/sso/oidc.py b/hiboo/sso/oidc.py
index f075f302..89f69ab0 100644
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -125,14 +125,16 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
 """
 special_mappings = self.service.config.get("special_mappings", [])
 claims = dict()
- if "profile" in scope:
+ if "profile" in scope or "ignore_scopes" in special_mappings:
 claims.update(
 sub=profile.username if "mask_sub_uuid" in special_mappings else profile.uuid,
 name=profile.username,
 preferred_username=profile.username,
- login=profile.username
+ login=profile.username,
+ user_id=None if "mask_sub_uuid" in special_mappings else profile.uuid,
+ username=profile.username
 )
- if "email" in scope:
+ if "email" in scope or "ignore_scopes" in special_mappings:
 user_email = profile.user.contact.get("email") if profile.user.contact else None
 claims.update(
 email=user_email if "original_email" in special_mappings else profile.email
-- 
GitLab
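Review bot: The label on the new `ignore_scopes` choice reads like a compatibility detail, but per the `hiboo/sso/oidc.py` hunk it switches off scope-based claim filtering for the service, so profile and email claims go to the client even when it never requested those scopes. Combined with `original_email`, that includes the user's actual contact address. I would make the effect visible where an administrator selects it, e.g. `("ignore_scopes", _("Return all claims regardless of requested scopes (discloses profile and email)"))`, and add a comment above the tuple such as `# Quirk: bypasses scope-based claim filtering for this service; enable only for clients that cannot request scopes.` The enclosing form class starts outside this hunk.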
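Review bot: With `mask_sub_uuid` enabled, the added `user_id=None if "mask_sub_uuid" in special_mappings else profile.uuid` still emits a `user_id` key, with a null value. OpenID Connect Core asks that a claim which is not returned be omitted rather than sent as null, and a relying party may mishandle a null identifier. I would drop that entry from the `claims.update(...)` call and follow the call with `if "mask_sub_uuid" not in special_mappings: claims["user_id"] = profile.uuid`. Separately, `user_id` and `username` are now returned to every client that gets the `profile` claims, not only to services with a quirk enabled, so the method docstring, which begins above this hunk, should list them; the second `claims.update(` call continues past the end of the hunk.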