From 2549b722d3044762438c9c2995bdb16d17954c95 Mon Sep 17 00:00:00 2001
From: Nick Meves <nick.meves@greenhouse.io>
Date: Sun, 18 Oct 2020 18:57:49 -0700
Subject: [PATCH] Add User & Groups to Userinfo

---
 CHANGELOG.md       |  1 +
 oauthproxy.go      | 10 ++++++++--
 oauthproxy_test.go |  8 ++++++--
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index efb8ed24..5047a8c0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -55,6 +55,7 @@
 - [#797](https://github.com/oauth2-proxy/oauth2-proxy/pull/797) Create universal Authorization behavior across providers (@NickMeves)
 - [#898](https://github.com/oauth2-proxy/oauth2-proxy/pull/898) Migrate documentation to Docusaurus (@JoelSpeed)
 - [#754](https://github.com/oauth2-proxy/oauth2-proxy/pull/754) Azure token refresh (@codablock)
+- [#850](https://github.com/oauth2-proxy/oauth2-proxy/pull/850) Increase session fields in `/oauth2/userinfo` endpoint (@NickMeves)
 - [#825](https://github.com/oauth2-proxy/oauth2-proxy/pull/825) Fix code coverage reporting on GitHub actions(@JoelSpeed)
 - [#796](https://github.com/oauth2-proxy/oauth2-proxy/pull/796) Deprecate GetUserName & GetEmailAdress for EnrichSessionState (@NickMeves)
 - [#705](https://github.com/oauth2-proxy/oauth2-proxy/pull/705) Add generic Header injectors for upstream request and response headers (@JoelSpeed)
diff --git a/oauthproxy.go b/oauthproxy.go
index 343c6ec9..28df21f4 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -798,13 +798,19 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 		http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 		return
 	}
+
 	userInfo := struct {
-		Email             string `json:"email"`
-		PreferredUsername string `json:"preferredUsername,omitempty"`
+		User              string   `json:"user"`
+		Email             string   `json:"email"`
+		Groups            []string `json:"groups,omitempty"`
+		PreferredUsername string   `json:"preferredUsername,omitempty"`
 	}{
+		User:              session.User,
 		Email:             session.Email,
+		Groups:            session.Groups,
 		PreferredUsername: session.PreferredUsername,
 	}
+
 	rw.Header().Set("Content-Type", "application/json")
 	rw.WriteHeader(http.StatusOK)
 	err = json.NewEncoder(rw).Encode(userInfo)
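Review bot: The new `User` field is tagged `json:"user"` without `omitempty`, unlike `Groups` and `PreferredUsername`, so a session whose provider populated only Email will now serialize as `"user":""` instead of omitting the key; a client that treats key absence as "no username" gets a different signal than before. Either tag it `User string `json:"user,omitempty"`` for consistency with the neighbouring fields, or add a comment above the struct stating that `user` is always present and may be empty. Since the body now carries group membership rather than just an email, it is also worth confirming the endpoint sends `Cache-Control: no-store`; nothing in this hunk sets it and I cannot see whether a wrapper does. UserInfo starts and ends outside the hunk.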
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index a2733f6d..bf76b2bd 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -1130,14 +1130,18 @@ func TestUserInfoEndpointAccepted(t *testing.T) {
 	}
 
 	startSession := &sessions.SessionState{
-		Email: "john.doe@example.com", AccessToken: "my_access_token"}
+		User:        "john.doe",
+		Email:       "john.doe@example.com",
+		Groups:      []string{"example", "groups"},
+		AccessToken: "my_access_token",
+	}
 	err = test.SaveSession(startSession)
 	assert.NoError(t, err)
 
 	test.proxy.ServeHTTP(test.rw, test.req)
 	assert.Equal(t, http.StatusOK, test.rw.Code)
 	bodyBytes, _ := ioutil.ReadAll(test.rw.Body)
-	assert.Equal(t, "{\"email\":\"john.doe@example.com\"}\n", string(bodyBytes))
+	assert.Equal(t, "{\"user\":\"john.doe\",\"email\":\"john.doe@example.com\",\"groups\":[\"example\",\"groups\"]}\n", string(bodyBytes))
 }
 
 func TestUserInfoEndpointUnauthorizedOnNoCookieSetError(t *testing.T) {
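Review bot: The updated assertion only pins the fully populated case (User, Email and Groups all set), so the `omitempty` behaviour on `groups` and the always-present `user` key are not exercised by any test in this hunk. A second session without `Groups` (and without `User`) asserting the exact body would lock in whether `"groups"` disappears and whether `"user":""` is emitted, which is the part of the new encoding most likely to surprise callers. The enclosing TestUserInfoEndpointAccepted starts outside the hunk.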