Example
k-burt-uch committed Aug 29, 2023
1 parent ea885f0 commit e1bb128
Showing 2 changed files with 23 additions and 7 deletions.
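--- a/fence/config-default.yaml
+++ b/fence/config-default.yaml
@@ -184,6 +184,11 @@ OPENID_CONNECT:
 client_secret: ''
 redirect_url: '{{BASE_URL}}/login/ras/callback'
 scope: 'openid email profile ga4gh_passport_v1'
+idp_config:
+login_gov:
+ras_idp_id: 'login.gov'
+user_id_field: 'email'
+
 # multifactor_auth_claim_info:
 # claim: 'acr'
 # values: [ 'https://stsstg.nih.gov/assurance/aal/2' ]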
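Review bot: The new `idp_config` block under the RAS settings has no comment, yet `user_id_field: 'email'` decides which userinfo claim becomes the Fence username for login.gov users. I would add a line above it such as `# idp_config: per-IdP overrides; ras_idp_id is matched against the part of preferred_username after "@", user_id_field names the userinfo claim used as the username`. Because this is the default config, deployments that inherit it presumably switch login.gov users to email-based usernames. If that is intended, the comment should also say that an email address can change or be reassigned, so operators know the identifier is less stable than `UserID`.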
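--- a/fence/resources/openid/ras_oauth2.py
+++ b/fence/resources/openid/ras_oauth2.py
@@ -146,13 +146,24 @@ def get_auth_info(self, code):
 "Received RAS access token with txn: {}".format(at_claims.get("txn"))
 )
 
-username = None
-if userinfo.get("UserID"):
-username = userinfo["UserID"]
-field_name = "UserID"
-elif userinfo.get("userid"):
-username = userinfo["userid"]
-field_name = "userid"
+ras_idp_id = userinfo.get("preferred_username").split("@")[1]
+field_name = None
+for idp_config in (
+config["OPENID_CONNECT"]["ras"].get("idp_config", {}).values()
+):
+if idp_config.get("ras_idp_id") == ras_idp_id:
+field_name = idp_config.get("user_id_field")
+self.logger.info(
+f"{ras_idp_id} is configured to use {field_name} as the username."
+)
+
+if not field_name:
+if userinfo.get("UserID"):
+field_name = "UserID"
+elif userinfo.get("userid"):
+field_name = "userid"
+
+username = userinfo.get(field_name)
 if not username:
 self.logger.error(
 "{}, received claims: {} and userinfo: {}".format(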
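Review bot: `userinfo.get("preferred_username").split("@")[1]` runs before any fallback, so a userinfo response without `preferred_username` raises AttributeError and one without "@" raises IndexError, where the removed code reached the `UserID`/`userid` lookup without needing that claim. Guard the parse, e.g. `preferred_username = userinfo.get("preferred_username") or ""` then `ras_idp_id = preferred_username.rpartition("@")[2] if "@" in preferred_username else None`, which also takes the part after the last "@" rather than the second segment. The loop keeps iterating after a match, so with two entries sharing a `ras_idp_id` the last one wins; a `break` after the log call would make the choice deterministic. get_auth_info starts and ends outside the hunk, so whether an enclosing handler turns these exceptions into a clean login failure is not visible here.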
