Add Google support, sub fallback
9p4 committed Jan 23, 2022
1 parent 444d93b commit dfc427e
Showing 1 changed file with 23 additions and 2 deletions.
25 changes: 23 additions & 2 deletions SSO-Auth/Api/SSOController.cs
Expand Up @@ -2,6 +2,7 @@
using System.Collections.Generic;
using System.Net.Mime;
using System.Threading.Tasks;
using IdentityModel.Client;
using IdentityModel.OidcClient;
using Jellyfin.Data.Entities;
using Jellyfin.Data.Enums;
Expand Down Expand Up @@ -56,8 +57,9 @@ public ActionResult OIDPost(string provider)
ClientId = config.OIDClientId,
ClientSecret = config.OIDSecret,
RedirectUri = GetRequestBase() + "/sso/OID/r/" + provider,
Scope = "openid profile"
Scope = "openid profile",
};
options.Policy.Discovery.ValidateEndpoints = false; // For Google and other providers with different endpoints
var oidcClient = new OidcClient(options);
var state = StateManager[Request.Query["state"]].State;
var result = oidcClient.ProcessResponseAsync(Request.QueryString.Value, state).Result;
Expand Down Expand Up @@ -114,13 +116,29 @@ public ActionResult OIDPost(string provider)
}
}
}

// If the provider doesn't support preferred_username, then use sub
if (!StateManager[Request.Query["state"]].Valid)
{
foreach (var claim in result.User.Claims)
{
if (claim.Type == "sub")
{
StateManager[Request.Query["state"]].Username = claim.Value;
if (config.Roles.Length == 0)
{
StateManager[Request.Query["state"]].Valid = true;
}
}
}
}
if (StateManager[Request.Query["state"]].Valid)
{
return Content(WebResponse.OIDGenerator(data: Request.Query["state"], provider: provider, baseUrl: GetRequestBase()), MediaTypeNames.Text.Html);
}
else
{
return Content("Error. Check permissions");
return Content("Error. Check permissions."); // TODO: Return error code as well
}
}
}
Expand All @@ -144,6 +162,7 @@ public async Task<ActionResult> OIDChallenge(string provider)
RedirectUri = GetRequestBase() + "/sso/OID/r/" + provider,
Scope = "openid profile"
};
options.Policy.Discovery.ValidateEndpoints = false; // For Google and other providers with different endpoints
var oidcClient = new OidcClient(options);
var state = await oidcClient.PrepareLoginAsync().ConfigureAwait(false);
StateManager.Add(state.State, new TimedAuthorizeState(state, DateTime.Now));
Expand Down Expand Up @@ -426,4 +445,6 @@ public TimedAuthorizeState(AuthorizeState state, DateTime created)
public string Username { get; set; }

public bool Admin { get; set; }

public string Email { get; set; }
}
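Review bot: `options.Policy.Discovery.ValidateEndpoints = false` is set unconditionally in OIDPost, and again in the OIDChallenge hunk, so endpoint validation is switched off for every configured provider rather than only for those that need it. With it disabled, the client accepts whatever authorization, token and JWKS URLs the discovery document lists, even on hosts unrelated to the configured authority. Keeping validation on and allow-listing the extra hosts a provider is known to use is narrower, e.g. `options.Policy.Discovery.AdditionalEndpointBaseAddresses.Add("https://<provider-endpoint-host>");` (placeholder host), or the relaxation could sit behind a per-provider setting. Both method bodies start and end outside the visible hunks, so whether anything later compensates for this cannot be seen from here.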
