Skip to content

Commit

Permalink
Azure Provider fix to missing email address (#1201)
Browse files Browse the repository at this point in the history
  • Loading branch information
@rvowles
rvowles authored Feb 7, 2025
1 parent ef95dd5 commit 22efb4c
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 1 deletion.
5 changes: 5 additions & 0 deletions backend/security-oauth/src/main/kotlin/io/featurehub/web/security/oauth/OauthResource.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,11 @@ class OauthResource @Inject constructor(
?: return Response.status(302).location(URI.create(failureUrl!!)).build()
val providerUser = providerFromState.discoverProviderUser(authed)
?: return Response.status(302).location(URI.create(failureUrl!!)).build()
if (providerUser.email == null) {
log.error("Provider is returning a null email address in token")

return Response.status(302).location(URI.create(failureUrl!!)).build()
}
return SSOCompletionListener.successfulCompletion(
providerUser.email!!,
providerUser.name,
Expand Down
14 changes: 13 additions & 1 deletion ...ecurity-oauth/src/main/kotlin/io/featurehub/web/security/oauth/providers/AzureProvider.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,16 @@ package io.featurehub.web.security.oauth.providers
import cd.connect.app.config.ConfigKey
import cd.connect.app.config.DeclaredConfigResolver
import io.featurehub.web.security.oauth.AuthClientResult
import org.slf4j.Logger
import org.slf4j.LoggerFactory
import java.net.URLEncoder
import java.nio.charset.StandardCharsets

// register your app here: https://go.microsoft.com/fwlink/?linkid=2083908
// https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
class AzureProvider : OAuth2Provider {
private val log: Logger = LoggerFactory.getLogger(AzureProvider::class.java)

@ConfigKey("oauth2.providers.azure.tenant")
protected var tenant: String? = null

Expand All @@ -30,7 +34,15 @@ class AzureProvider : OAuth2Provider {

override fun discoverProviderUser(authed: AuthClientResult): ProviderUser? {
val idInfo = Jwt.decodeJwt(authed.idToken) ?: return null
return ProviderUser(idInfo["email"]?.toString(), idInfo["name"]?.toString())
val email = idInfo["email"]?.toString() ?: idInfo["preferred_username"]?.toString()

if (email?.contains("@") == true) {
return ProviderUser(email, idInfo["name"]?.toString())
}

log.error("Azure Provider is not returning a valid email address in `email` or `preferred_username`")

return null
}

override fun providerName(): String {
Expand Down

0 comments on commit 22efb4c

Please # to comment.