cmd/tsidp: add username claim
Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
parent
64cdd70c8a
commit
35d733be18
@ -191,6 +191,9 @@ func (s *idpServer) serveUserInfo(w http.ResponseWriter, r *http.Request) {
|
|||||||
ui.Email = ar.who.UserProfile.LoginName
|
ui.Email = ar.who.UserProfile.LoginName
|
||||||
ui.Picture = ar.who.UserProfile.ProfilePicURL
|
ui.Picture = ar.who.UserProfile.ProfilePicURL
|
||||||
|
|
||||||
|
// TODO(maisem): not sure if this is the right thing to do
|
||||||
|
ui.UserName, _, _ = strings.Cut(ar.who.UserProfile.LoginName, "@")
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
if err := json.NewEncoder(w).Encode(ui); err != nil {
|
if err := json.NewEncoder(w).Encode(ui); err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
@ -198,10 +201,11 @@ func (s *idpServer) serveUserInfo(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type userInfo struct {
|
type userInfo struct {
|
||||||
Sub string `json:"sub"`
|
Sub string `json:"sub"`
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Picture string `json:"picture"`
|
Picture string `json:"picture"`
|
||||||
|
UserName string `json:"username"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *idpServer) serveToken(w http.ResponseWriter, r *http.Request) {
|
func (s *idpServer) serveToken(w http.ResponseWriter, r *http.Request) {
|
||||||
@ -244,8 +248,17 @@ func (s *idpServer) serveToken(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
who := ar.who
|
who := ar.who
|
||||||
|
|
||||||
|
// TODO(maisem): not sure if this is the right thing to do
|
||||||
|
userName, _, _ := strings.Cut(ar.who.UserProfile.LoginName, "@")
|
||||||
n := who.Node.View()
|
n := who.Node.View()
|
||||||
|
if n.IsTagged() {
|
||||||
|
http.Error(w, "tsidp: tagged nodes not supported", http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
|
_, tcd, _ := strings.Cut(n.Name(), ".")
|
||||||
tsClaims := tailscaleClaims{
|
tsClaims := tailscaleClaims{
|
||||||
Claims: jwt.Claims{
|
Claims: jwt.Claims{
|
||||||
Audience: jwt.Audience{"unused"},
|
Audience: jwt.Audience{"unused"},
|
||||||
@ -254,24 +267,17 @@ func (s *idpServer) serveToken(w http.ResponseWriter, r *http.Request) {
|
|||||||
IssuedAt: jwt.NewNumericDate(now),
|
IssuedAt: jwt.NewNumericDate(now),
|
||||||
Issuer: s.serverURL,
|
Issuer: s.serverURL,
|
||||||
NotBefore: jwt.NewNumericDate(now),
|
NotBefore: jwt.NewNumericDate(now),
|
||||||
|
Subject: n.User().String(),
|
||||||
},
|
},
|
||||||
Nonce: ar.nonce,
|
Nonce: ar.nonce,
|
||||||
Key: n.Key(),
|
Key: n.Key(),
|
||||||
Addresses: n.Addresses(),
|
Addresses: n.Addresses(),
|
||||||
NodeID: n.ID(),
|
NodeID: n.ID(),
|
||||||
NodeName: n.Name(),
|
NodeName: n.Name(),
|
||||||
}
|
Tailnet: tcd,
|
||||||
|
UserID: n.User(),
|
||||||
_, tcd, _ := strings.Cut(n.Name(), ".")
|
Email: who.UserProfile.LoginName,
|
||||||
tsClaims.Tailnet = tcd
|
UserName: userName,
|
||||||
|
|
||||||
if n.IsTagged() {
|
|
||||||
tsClaims.Subject = n.ID().String()
|
|
||||||
tsClaims.Tags = n.Tags().AsSlice()
|
|
||||||
} else {
|
|
||||||
tsClaims.Subject = n.User().String()
|
|
||||||
tsClaims.UserID = n.User()
|
|
||||||
tsClaims.User = who.UserProfile.LoginName
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create an OIDC token using this issuer's signer.
|
// Create an OIDC token using this issuer's signer.
|
||||||
@ -415,9 +421,11 @@ type tailscaleClaims struct {
|
|||||||
// Tags is the list of tags the node is tagged with prefixed with the Tailnet name.
|
// Tags is the list of tags the node is tagged with prefixed with the Tailnet name.
|
||||||
Tags []string `json:"tags,omitempty"` // the tags on the node (like alice.github:tag:foo or example.com:tag:foo)
|
Tags []string `json:"tags,omitempty"` // the tags on the node (like alice.github:tag:foo or example.com:tag:foo)
|
||||||
|
|
||||||
// User is the emailish of the user prefixed with the Tailnet name.
|
// Email is the emailish of the user prefixed with the Tailnet name.
|
||||||
User string `json:"user,omitempty"` // user emailish (like alice.github:alice@github or example.com:bob@example.com)
|
Email string `json:"email,omitempty"` // user emailish (like alice.github:alice@github or example.com:bob@example.com)
|
||||||
UserID tailcfg.UserID `json:"uid,omitempty"` // user legacy id
|
UserID tailcfg.UserID `json:"uid,omitempty"` // user legacy id
|
||||||
|
|
||||||
|
UserName string `json:"username,omitempty"` // user name
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
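Review bot: The new `username` claim in serveToken, and the identical derivation in serveUserInfo in the first hunk, is the login name cut at the first `@`, which the page's own examples (`alice@github`, `bob@example.com`) show is not what distinguishes identity sources, so two distinct users may collapse to the same `username` and a relying party that links accounts or authorizes on this claim instead of `sub`/`uid` could conflate them. The TODO does not say what is uncertain; the tailscaleClaims field comment should state the contract, e.g. `UserName string \`json:"username,omitempty"\` // local part of the login name; not unique across identity providers, relying parties must key on sub/uid`, and the same caveat belongs on userInfo.UserName. The derivation is duplicated across both handlers and could be one helper, `func userNameFromLogin(login string) string { u, _, _ := strings.Cut(login, "@"); return u }`, which also makes it easy to switch to the standard OIDC `preferred_username` claim name if interoperability matters. The userInfo tag is `json:"username"` while tailscaleClaims uses `omitempty`, so an empty login name appears as `""` in userinfo but is dropped from the token; aligning the two would avoid surprising clients. serveToken and serveUserInfo both begin and end outside the hunks shown, and with the tagged branch removed the `Tags` field appears to no longer be populated anywhere visible.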