nikdoof/pocket-id
1
0
Fork 0
mirror of https://github.com/nikdoof/pocket-id.git synced 2025-12-14 07:12:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: only return user groups if it is explicitly requested

Browse Source
This commit is contained in:
Elias Schneider
2024-10-02 10:41:10 +02:00
parent 365734ec5d
commit a4a90a16a9
4 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
backend/internal/service/oidc_service.go
View File

@@ -308,20 +308,22 @@ func (s *OidcService) GetUserClaimsForClient(userID string, clientID string) (ma
user := authorizedOidcClient.User
scope := authorizedOidcClient.Scope
userGroups := make([]string, len(user.UserGroups))
for i, group := range user.UserGroups {
userGroups[i] = group.Name
}
claims := map[string]interface{}{
"sub": user.ID,
"groups": userGroups,
"sub": user.ID,
}
if strings.Contains(scope, "email") {
claims["email"] = user.Email
}
if strings.Contains(scope, "groups") {
userGroups := make([]string, len(user.UserGroups))
for i, group := range user.UserGroups {
userGroups[i] = group.Name
}
claims["groups"] = userGroups
}
profileClaims := map[string]interface{}{
"given_name": user.FirstName,
"family_name": user.LastName,