
Use upn as EmailClaim throughout ADFSProvider

Overriding it only in EnrichSession meant that any Refresh call
would have overridden it with the `email` claim.
Nick Meves
2021-06-19 16:06:58 -07:00
parent 1b335a056d
commit a53198725e
3 changed files with 14 additions and 43 deletions


@@ -134,8 +134,8 @@ var _ = Describe("ADFS Provider Tests", func() {
idToken, err := p.Verifier.Verify(context.Background(), rawIDToken)
Expect(err).To(BeNil())
session, err := p.buildSessionFromClaims(idToken)
session.IDToken = rawIDToken
Expect(err).To(BeNil())
session.IDToken = rawIDToken
err = p.EnrichSession(context.Background(), session)
Expect(session.Email).To(Equal("janed@me.com"))
Expect(err).To(BeNil())
@@ -149,7 +149,7 @@ var _ = Describe("ADFS Provider Tests", func() {
ProtectedResource: resource,
Scope: "",
})
p.SkipScope = true
p.skipScope = true
result := p.GetLoginURL("https://example.com/adfs/oauth2/", "", "")
Expect(result).NotTo(ContainSubstring("scope="))