revert changes for user id and user name

Signed-off-by: Rui Yang <ruiya@vmware.com>
6 years ago · 058202d007
3 changed files with 13 additions and 25 deletions
--- a/Documentation/connectors/oidc.md
+++ b/Documentation/connectors/oidc.md
@ -72,12 +72,20 @@ connectors:
    # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
    # getUserInfo: true

+    # The set claim is used as user id.
+    # Claims list at https://openid.net/specs/openid-connect-core-1_0.html#Claims
+    # Default: sub
+    # userIDKey: nickname
+
+    # The set claim is used as user name.
+    # Default: name
+    # userNameKey: nickname
+
    # For offline_access, the prompt parameter is set by default to "prompt=consent". 
    # However this is not supported by all OIDC providers, some of them support different
    # value for prompt, like "prompt=login" or "prompt=none"
    # promptType: consent

-
    # Some providers return non-standard claims (eg. mail).
    # Use claimMapping to map those claims to standard claims:
    # https://openid.net/specs/openid-connect-core-1_0.html#Claims
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@ -49,22 +49,14 @@ type Config struct {
 	// id tokens
 	GetUserInfo bool `json:"getUserInfo"`

-	// Deprecated: use UserIDKey in claimMapping instead
 	UserIDKey string `json:"userIDKey"`

-	// Deprecated: use UserNameKey in claimMapping instead
 	UserNameKey string `json:"userNameKey"`

 	// PromptType will be used fot the prompt parameter (when offline_access, by default prompt=consent)
 	PromptType string `json:"promptType"`

 	ClaimMapping struct {
-		// Configurable key which contains the user id claim
-		UserIDKey string `json:"user_id"` // defaults to "sub"
-
-		// Configurable key which contains the username claim
-		UserNameKey string `json:"user_name"` // defaults to "name"
-
 		// Configurable key which contains the preferred username claims
 		PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"

@ -138,18 +130,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		c.PromptType = "consent"
 	}

-	// Backward compatibility
-	userIDKey := c.ClaimMapping.UserIDKey
-	if userIDKey == "" {
-		userIDKey = c.UserIDKey
-	}
-
-	// Backward compatibility
-	userNameKey := c.ClaimMapping.UserNameKey
-	if userNameKey == "" {
-		userNameKey = c.UserNameKey
-	}
-
 	clientID := c.ClientID
 	return &oidcConnector{
 		provider:    provider,
@ -171,8 +151,8 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		insecureEnableGroups:      c.InsecureEnableGroups,
 		getUserInfo:               c.GetUserInfo,
 		promptType:                c.PromptType,
-		userIDKey:                 userIDKey,
-		userNameKey:               userNameKey,
+		userIDKey:                 c.UserIDKey,
+		userNameKey:               c.UserNameKey,
 		preferredUsernameKey:      c.ClaimMapping.PreferredUsernameKey,
 		emailKey:                  c.ClaimMapping.EmailKey,
 		groupsKey:                 c.ClaimMapping.GroupsKey,
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@ -258,12 +258,12 @@ func TestHandleCallback(t *testing.T) {
 				ClientSecret:              "clientSecret",
 				Scopes:                    scopes,
 				RedirectURI:               fmt.Sprintf("%s/callback", serverURL),
+				UserIDKey:                 tc.userIDKey,
+				UserNameKey:               tc.userNameKey,
 				InsecureSkipEmailVerified: tc.insecureSkipEmailVerified,
 				InsecureEnableGroups:      true,
 				BasicAuthUnsupported:      &basicAuth,
 			}
-			config.ClaimMapping.UserIDKey = tc.userIDKey
-			config.ClaimMapping.UserNameKey = tc.userNameKey
 			config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
 			config.ClaimMapping.EmailKey = tc.emailKey
 			config.ClaimMapping.GroupsKey = tc.groupsKey