- added the ability to skip user info

- added error handling if values are missing.

server/api/controllers/access-tokens/exchange.js

@@ -5,7 +5,11 @@ const { getRemoteAddress } = require('../../../utils/remoteAddress');
 
 const Errors = {
   INVALID_TOKEN: {
-    invalidToken: 'Invalid email or username',
+    invalidToken: 'Access Token is invalid',
+  },
+  MISSING_VALUES: {
+    missingValues:
+      'Unable to retrieve required values. Verify the access token or UserInfo endpoint has email, username and name claims',
   },
 };
 
@@ -54,6 +58,9 @@ const validateAndDecodeToken = async (accessToken, options) => {
 };
 
 const getUserInfo = async (accessToken, options) => {
+  if (sails.config.custom.oidcSkipUserInfo) {
+    return {};
+  }
   const issuer = await openidClient.Issuer.discover(options.issuer);
   const oidcClient = new issuer.Client({
     client_id: 'irrelevant',
@@ -88,6 +95,9 @@ module.exports = {
     invalidToken: {
       responseType: 'unauthorized',
     },
+    missingValues: {
+      responseType: 'unauthorized',
+    },
   },
 
   async fn(inputs) {
@@ -115,6 +125,11 @@ module.exports = {
       locked: true,
     };
 
+    if (!newUser.email || !newUser.username || !newUser.name) {
+      sails.log.error(Errors.MISSING_VALUES.missingValues);
+      throw Errors.MISSING_VALUES;
+    }
+
     const identityProviderUser = await IdentityProviderUser.findOne({
       where: {
         issuer: oidcUser.iss,

server/config/custom.js

@@ -39,4 +39,5 @@ module.exports.custom = {
   oidcredirectUri: process.env.OIDC_REDIRECT_URI,
   oidcJwksUri: process.env.OIDC_JWKS_URI,
   oidcScopes: process.env.OIDC_SCOPES || 'openid profile email',
+  oidcSkipUserInfo: process.env.OIDC_SKIP_USER_INFO === 'true',
 };