Update documentation, improve user info
giftkugel committed Aug 28, 2024
1 parent e7dd8bb commit 71cf4ca
Showing 3 changed files with 90 additions and 21 deletions.
8 changes: 8 additions & 0 deletions internal/config/config.go
Expand Up @@ -344,6 +344,14 @@ func (client *Client) GetClientType() oauth2.ClientType {
}
}

func (user *User) GetPreferredUsername() string {
if user.Profile.PreferredUserName == "" {
return user.Username
} else {
return user.Profile.PreferredUserName
}
}

func (user *User) GetFormattedAddress() string {
userAddress := user.Profile.Address
var sb strings.Builder
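Review bot: `GetPreferredUsername` returns inside the `if` and then again in an `else`, which `golint`/`staticcheck` flag as an unnecessary `else` after `return`; drop the `else` and outdent the fallback, e.g. `if name := user.Profile.PreferredUserName; name != "" { return name }` followed by `return user.Username`. The exported method also lacks a doc comment; it should state that it falls back to `username` when `profile.preferredUserName` is unset, since the UserInfo handler now relies on exactly that behaviour.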
2 changes: 1 addition & 1 deletion internal/server/handler/oidc/userinfo.go
Expand Up @@ -31,7 +31,7 @@ func (h *UserInfoHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if valid {
userInfoResponse = &user.Profile
userInfoResponse.Subject = user.Username
userInfoResponse.PreferredUserName = user.Username
userInfoResponse.PreferredUserName = user.GetPreferredUsername()
userInfoResponse.Name = userInfoResponse.GivenName + " " + userInfoResponse.FamilyName
userInfoResponse.Address.Formatted = user.GetFormattedAddress()
} else {
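Review bot: `userInfoResponse = &user.Profile` aliases the user's stored profile, so the assignments to `Subject`, `PreferredUserName`, `Name` and `Address.Formatted` in this hunk write into the user object itself rather than into a per-request response. If `user` points into the loaded configuration, the first request persists the fallback username into `user.Profile.PreferredUserName` and every call mutates shared state; copying first (`profile := user.Profile; userInfoResponse = &profile`) keeps the response-only fields out of the configured profile. Minor: `GivenName + " " + FamilyName` yields a lone space when either part is empty; `strings.TrimSpace` on the result, or omitting `name` when both are unset, avoids emitting a meaningless claim.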
101 changes: 81 additions & 20 deletions website/docs/introduction/config.md
Expand Up @@ -24,26 +24,30 @@ The configuration file (e.g. `config.yml`) may contain different root options wh

Root entry named `server`

| Property | Description |
|------------------|-----------------------------------------------------------------------------------|
| `logLevel` | Log level |
| `authCookieName` | Name of the cookie which will be used |
| `logoutRedirect` | Where to redirect user after logout |
| `addr` | Go like address, may contain IP and port |
| `secret` | Server secret |
| `privateKey` | General RSA or EC private key (can be overwritten for each client) to sign tokens |
| `tls` | Configuration for TLS |
| Property | Description |
|-------------------------|-----------------------------------------------------------------------------------|
| `logLevel` | Log level |
| `cookies` | Configuration related to cookie names |
| `addr` | [Go like address](https://pkg.go.dev/net#Dial), may contain IP and port |
| `secret` | Server secret |
| `privateKey` | General RSA or EC private key (can be overwritten for each client) to sign tokens |
| `tls` | Configuration for TLS |
| `logoutRedirect` | Where to redirect user after logout |
| `introspectScope` | Scope which allows token introspection |
| `revokeScopeScope` | Scope which allows token revocation |
| `sessionTimeoutSeconds` | Seconds until session will end |


#### TLS

Public and private keys to sign tokens

Entry `server.tls`

| Property | Description |
|----------|------------------------------------------|
| `addr` | Go like address, may contain IP and port |
| `keys` | Public and private keys for TLS |
| Property | Description |
|----------|-------------------------------------------------------------------------|
| `addr` | [Go like address](https://pkg.go.dev/net#Dial), may contain IP and port |
| `keys` | Public and private keys for TLS |

##### TLS keys

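Review bot: the new `server` row `revokeScopeScope` looks like a typo for `revokeScope` (compare `introspectScope` directly above); please confirm the key against the config struct, because a reader who copies the documented name ends up with a setting the server never reads. In the same hunk, the `TLS` subsection's intro line "Public and private keys to sign tokens" describes the `privateKey` row, not `server.tls`; say "TLS listener configuration (address and certificate/key pair)" so nobody confuses the transport certificate with the token-signing key. Also consider "Go-style address" rather than "Go like address" in both tables.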
Expand All @@ -56,6 +60,16 @@ Entry `server.tls.keys`
| `cert` | Certificate file |
| `key` | Key file |

#### Cookies

Public and private keys to sign tokens

Entry `server.cookies`

| Property | Description |
|---------------|----------------------------------|
| `authName` | Name of the authorization cookie |
| `messageName` | Name of internal message cookie |

### User interface configuration

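Review bot: the `Cookies` section's intro line "Public and private keys to sign tokens" is copied from the TLS section and does not describe `server.cookies`; replace it with something like "Names of the cookies set by the server". The `messageName` row ("Name of internal message cookie") would also benefit from a short statement of what that cookie carries and how long it lives, since cookie scope and lifetime are what a reader of this table will be looking for.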
Expand Down Expand Up @@ -93,11 +107,12 @@ Each entry may contain the following options
| `issuer` | Issuer |
| `audience` | Audience |
| `privateKey` | RSA or EC private key to sign tokens |
| `sessionTimeoutSeconds` | Session timeout in seconds |
| `rolesClaim` | Name for the claim used to provide roles |


#### Claims

List of claims
List of client claims

Entry `clients[n].calims`

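Review bot: the context line `Entry \`clients[n].calims\`` carries a typo (`calims` should be `claims`); since this hunk already rewrites the adjacent description line, fix it here. This hunk also removes `sessionTimeoutSeconds` from the per-client table while the patch adds it to the `server` table, so the doc should say explicitly that the session timeout is now a server-wide setting; otherwise a per-client `sessionTimeoutSeconds` left in an existing config looks valid but is undocumented and may be silently ignored.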
Expand All @@ -116,11 +131,57 @@ Root entry `users`

Each entry may contain the following options

| Property | Description |
|------------|-----------------------------------------------------------|
| `username` | Username |
| `password` | SHA512 hashed password |
| `salt` | Optional salt for password to avoid identical hash values |
| Property | Description |
|------------|--------------------------------------------------------------------|
| `username` | Username |
| `password` | SHA512 hashed password |
| `salt` | Optional salt for password to avoid identical hash values |
| `profile` | User profile which will be used for OpenId Connect UserInfo |
| `roles` | YAML map for roles, key of the map is the id of the related client |

#### User profile

User profile which will be used for OpenId Connect UserInfo

Entry `users[n].profile`

Each entry may contain the following options

| Property | Description |
|---------------------|----------------------------------|
| `givenName` | Given name |
| `familyName` | Family name |
| `nickname` | Nickname |
| `preferredUserName` | Preferred username |
| `email` | E-Mail address |
| `emailVerified` | E-Mail address verification flag |
| `gender` | Gender |
| `birthDate` | Birthdate |
| `zoneInfo` | Zone information |
| `locale` | locale |
| `phoneNumber` | Phone number |
| `phoneVerified` | Phone number verficiation flag |
| `website` | Website URL |
| `profile` | Profile URL |
| `profilePicture` | Profile picture URL |
| `address` | User address |

#### User address

User address which will be used for OpenId Connect UserInfo

Entry `users[n].profile.address`

Each entry may contain the following options

| Property | Description |
|--------------|-------------|
| `street` | Street |
| `city` | City |
| `postalCode` | Postal code |
| `region` | Region |
| `country` | Country |


## Examples

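Review bot: two typos in the new user profile table: the `phoneVerified` description reads "verficiation" (should be "verification") and the `locale` description is lowercase "locale" unlike every other row. The `password` and `salt` rows are carried over unchanged, but `salt` is still described as "Optional"; since `password` is a plain SHA512 hash, the doc should recommend always setting a salt rather than presenting it as optional. Finally, the `emailVerified` and `phoneVerified` rows are returned to relying parties through UserInfo (see the `userInfoResponse = &user.Profile` assignment in this patch), so a sentence noting that these flags are asserted as configured, with no verification performed by the server, would help operators set them correctly.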
