clone/vikunja
1
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-04-29 00:25:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(openid): Merge VikunjaGroups and ExtraSettingsLinks from userinfo

Browse Source 
When `forceuserinfo: true`, `mergeClaims` discards `vikunja_groups`
and `extra_settings_links` claims fetched from the userinfo endpoint,
failing team sync for opaque tokens.

Fixes team sync for OIDC providers using opaque tokens.
This commit is contained in:
MidoriKurage
2026-03-23 12:31:15 +08:00
committed by kolaente
parent 4dd18e379e
commit 68a74416a4
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/modules/auth/openid/openid.go
View File

@@ -397,6 +397,14 @@ func mergeClaims(cl *claims, cl2 *claims, forceUserInfo bool) error {
cl.Picture = cl2.Picture
}
if (forceUserInfo && len(cl2.VikunjaGroups) > 0) || len(cl.VikunjaGroups) == 0 {
cl.VikunjaGroups = cl2.VikunjaGroups
}
if (forceUserInfo && len(cl2.ExtraSettingsLinks) > 0) || len(cl.ExtraSettingsLinks) == 0 {
cl.ExtraSettingsLinks = cl2.ExtraSettingsLinks
}
if cl.Email == "" {
return &user.ErrNoOpenIDEmailProvided{}
}