Support providers who do not provide the groups scope

author: Dan <djr2468@gmail.com> 2023-04-03 21:30:28 +0100
committer: Dan <djr2468@gmail.com> 2023-04-03 21:30:28 +0100
commit: a16da3bef30b26cbf813526dee817538b99d9d6e (patch)
tree: bd89fcae5c41ac74c2cb5f0840159cefa0626ed5
parent: 2d92fa2473b2317f01b904a8f1afd83e7884d7c8 (diff)
download: trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.tar.gz
trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.tar.bz2
trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.zip
2 files changed, 13 insertions, 7 deletions
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index 707e9e815..3ff423ad1 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -665,12 +665,12 @@ public final class Keys {
 
     /**
      * OpenID Connect group to grant admin access.
-     * Defaults to admins.
+     * If this is not provided, no groups will be granted admin access.
+     * This option will only work if your OpenID provider supports the groups scope.
      */
     public static final ConfigKey<String> OPENID_ADMINGROUP = new StringConfigKey(
             "openid.adminGroup",
-            List.of(KeyType.CONFIG),
-            "admins");
+            List.of(KeyType.CONFIG));
 
     /**
      * If no data is reported by a device for the given amount of time, status changes from online to unknown. Value is
diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java
index f5c7eef15..537319b31 100644
--- a/src/main/java/org/traccar/database/OpenIdProvider.java
+++ b/src/main/java/org/traccar/database/OpenIdProvider.java
@@ -94,9 +94,15 @@ public class OpenIdProvider {
     }
 
     public URI createAuthUri() {
+        Scope scope = new Scope("openid", "profile", "email");
+
+        if (adminGroup != null) {
+            scope.add("groups");
+        }
+
         AuthenticationRequest.Builder request = new AuthenticationRequest.Builder(
                 new ResponseType("code"),
-                new Scope("openid", "profile", "email", "groups"),
+                scope,
                 clientId,
                 callbackUrl);
 
@@ -156,9 +162,9 @@ public class OpenIdProvider {
 
             UserInfo userInfo = getUserInfo(bearerToken);
 
-            User user = loginService.login(
-                userInfo.getEmailAddress(), userInfo.getName(),
-                userInfo.getStringListClaim("groups").contains(adminGroup));
+            Boolean administrator = adminGroup != null && userInfo.getStringListClaim("groups").contains(adminGroup);
+
+            User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), administrator);
 
             request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId());
             LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request));
author	Dan <djr2468@gmail.com>	2023-04-03 21:30:28 +0100
committer	Dan <djr2468@gmail.com>	2023-04-03 21:30:28 +0100
commit	a16da3bef30b26cbf813526dee817538b99d9d6e (patch)
tree	bd89fcae5c41ac74c2cb5f0840159cefa0626ed5
parent	2d92fa2473b2317f01b904a8f1afd83e7884d7c8 (diff)
download	trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.tar.gz trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.tar.bz2 trackermap-server-a16da3bef30b26cbf813526dee817538b99d9d6e.zip