added federated claims in token request (#33)

epinio · Jun 14, 2023 · f7e7367 · f7e7367
1 parent 3a94eb6
commit f7e7367
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/src/jetstream/authepinio.go b/src/jetstream/authepinio.go
@@ -259,14 +259,16 @@ func (a *epinioAuth) epinioOIDCLogin(c echo.Context) (string, string, error) {
 	}
 
 	var claims struct {
-		Email   string      `json:"email"`
-		Groups  []string    `json:"groups"`
-		Profile interface{} `json:"profile"`
+		Email           string   `json:"email"`
+		Groups          []string `json:"groups"`
+		FederatedClaims struct {
+			ConnectorID string `json:"connector_id"`
+		} `json:"federated_claims"`
 	}
 	log.Warnf("epinioOIDCLogin: token: %+v", idToken)
 
 	if err := idToken.Claims(&claims); err != nil {
-		msg := "token in unexpected format: %+v"
+		msg := "token in unexpected format"
 		log.Errorf(msg, err)
 		return "", "", errors.New(msg)
 	}

diff --git a/src/jetstream/dex/dex.go b/src/jetstream/dex/dex.go
@@ -20,7 +20,7 @@ const (
 )
 
 var (
-	DefaultScopes = []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, "profile", "email", "groups", "audience:server:client_id:epinio-api"}
+	DefaultScopes = []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, "profile", "email", "groups", "audience:server:client_id:epinio-api", "federated:id"}
 )
 
 // OIDCProvider wraps an oidc.Provider and its Configuration