Added option to change the OIDC claim regarded as the ID

Defined via a OIDC_EXTERNAL_ID_CLAIM env option. For #3914
2026-01-03 23:42:28 +03:00 · 2023-01-26 16:43:15 +00:00
parent 3202f96181
commit 811be3a36a
4 changed files with 27 additions and 2 deletions
--- a/tests/Auth/OidcTest.php
+++ b/tests/Auth/OidcTest.php
@@ -42,6 +42,7 @@ class OidcTest extends TestCase
            'oidc.user_to_groups'         => false,
            'oidc.groups_claim'           => 'group',
            'oidc.remove_from_groups'     => false,
+            'oidc.external_id_claim'      => 'sub',
        ]);
    }

@@ -391,6 +392,25 @@ class OidcTest extends TestCase
        $this->assertTrue(auth()->check());
    }

+    public function test_auth_uses_configured_external_id_claim_option()
+    {
+        config()->set([
+            'oidc.external_id_claim' => 'super_awesome_id',
+        ]);
+        $roleA = Role::factory()->create(['display_name' => 'Wizards']);
+
+        $resp = $this->runLogin([
+            'email'            => 'benny@example.com',
+            'sub'              => 'benny1010101',
+            'super_awesome_id' => 'xXBennyTheGeezXx',
+        ]);
+        $resp->assertRedirect('/');
+
+        /** @var User $user */
+        $user = User::query()->where('email', '=', 'benny@example.com')->first();
+        $this->assertEquals('xXBennyTheGeezXx', $user->external_auth_id);
+    }
+
    public function test_login_group_sync()
    {
        config()->set([