Allow preferred_username as username source for OIDC (#30454)

This PR adds the preferred_username claim as a possible username source for the oauth2_client. Closes #21518
2025-07-03 09:07:19 +00:00 · 2024-04-16 07:41:39 +02:00
parent cf9061f44a
commit 6ba0c371c2
4 changed files with 15 additions and 4 deletions
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@ -386,6 +386,13 @@ func getUserName(gothUser *goth.User) (string, error) {
 	switch setting.OAuth2Client.Username {
 	case setting.OAuth2UsernameEmail:
 		return user_model.NormalizeUserName(strings.Split(gothUser.Email, "@")[0])
+	case setting.OAuth2UsernamePreferredUsername:
+		preferredUsername, exists := gothUser.RawData["preferred_username"]
+		if exists {
+			return user_model.NormalizeUserName(preferredUsername.(string))
+		} else {
+			return "", fmt.Errorf("preferred_username is missing in received user data but configured as username source for user_id %q. Check if OPENID_CONNECT_SCOPES contains profile", gothUser.UserID)
+		}
 	case setting.OAuth2UsernameNickname:
 		return user_model.NormalizeUserName(gothUser.NickName)
 	default: // OAuth2UsernameUserid