diff options
author | Dan <djr2468@gmail.com> | 2023-04-03 21:30:28 +0100 |
---|---|---|
committer | Dan <djr2468@gmail.com> | 2023-04-03 21:30:28 +0100 |
commit | a16da3bef30b26cbf813526dee817538b99d9d6e (patch) | |
tree | bd89fcae5c41ac74c2cb5f0840159cefa0626ed5 | |
parent | 2d92fa2473b2317f01b904a8f1afd83e7884d7c8 (diff) | |
download | trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.tar.gz trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.tar.bz2 trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.zip |
Support providers who do not provide the groups scope
-rw-r--r-- | src/main/java/org/traccar/config/Keys.java | 6 | ||||
-rw-r--r-- | src/main/java/org/traccar/database/OpenIdProvider.java | 14 |
2 files changed, 13 insertions, 7 deletions
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java index 707e9e815..3ff423ad1 100644 --- a/src/main/java/org/traccar/config/Keys.java +++ b/src/main/java/org/traccar/config/Keys.java @@ -665,12 +665,12 @@ public final class Keys { /** * OpenID Connect group to grant admin access. - * Defaults to admins. + * If this is not provided, no groups will be granted admin access. + * This option will only work if your OpenID provider supports the groups scope. */ public static final ConfigKey<String> OPENID_ADMINGROUP = new StringConfigKey( "openid.adminGroup", - List.of(KeyType.CONFIG), - "admins"); + List.of(KeyType.CONFIG)); /** * If no data is reported by a device for the given amount of time, status changes from online to unknown. Value is diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java index f5c7eef15..537319b31 100644 --- a/src/main/java/org/traccar/database/OpenIdProvider.java +++ b/src/main/java/org/traccar/database/OpenIdProvider.java @@ -94,9 +94,15 @@ public class OpenIdProvider { } public URI createAuthUri() { + Scope scope = new Scope("openid", "profile", "email"); + + if (adminGroup != null) { + scope.add("groups"); + } + AuthenticationRequest.Builder request = new AuthenticationRequest.Builder( new ResponseType("code"), - new Scope("openid", "profile", "email", "groups"), + scope, clientId, callbackUrl); @@ -156,9 +162,9 @@ public class OpenIdProvider { UserInfo userInfo = getUserInfo(bearerToken); - User user = loginService.login( - userInfo.getEmailAddress(), userInfo.getName(), - userInfo.getStringListClaim("groups").contains(adminGroup)); + Boolean administrator = adminGroup != null && userInfo.getStringListClaim("groups").contains(adminGroup); + + User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), administrator); request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId()); LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); |