feat: Add ability to map OIDC attributes and ignore username

Closes #554
2025-07-24 07:39:44 +02:00 · 2024-01-25 23:01:59 +01:00 · 2024-01-25 23:01:59 +01:00 · 634d6ceab1
commit 634d6ceab1
parent 31d4d5f38d
13 changed files with 112 additions and 72 deletions
--- a/server/config/custom.js
+++ b/server/config/custom.js
@ -38,7 +38,11 @@ module.exports.custom = {
  oidcClientSecret: process.env.OIDC_CLIENT_SECRET,
  oidcScopes: process.env.OIDC_SCOPES || 'openid email profile',
  oidcAdminRoles: process.env.OIDC_ADMIN_ROLES ? process.env.OIDC_ADMIN_ROLES.split(',') : [],
+  oidcEmailAttribute: process.env.OIDC_EMAIL_ATTRIBUTE || 'email',
+  oidcNameAttribute: process.env.OIDC_NAME_ATTRIBUTE || 'name',
+  oidcUsernameAttribute: process.env.OIDC_USERNAME_ATTRIBUTE || 'preferred_username',
  oidcRolesAttribute: process.env.OIDC_ROLES_ATTRIBUTE || 'groups',
+  oidcIgnoreUsername: process.env.OIDC_IGNORE_USERNAME === 'true',
  oidcIgnoreRoles: process.env.OIDC_IGNORE_ROLES === 'true',

  // TODO: move client base url to environment variable?