feat: forward sub from oidc providers (#543)

* feat: forward sub from oidc providers * fix: review comments
2025-12-28 02:52:30 +00:00 · 2025-12-26 19:02:51 +02:00
parent 2d8af0510e
commit 43487d44f7
12 changed files with 21 additions and 13 deletions
--- a/internal/service/google_oauth_service.go
+++ b/internal/service/google_oauth_service.go
@@ -17,12 +17,7 @@ import (
 	"golang.org/x/oauth2/endpoints"
 )

-var GoogleOAuthScopes = []string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"}
-
-type GoogleUserInfoResponse struct {
-	Email string `json:"email"`
-	Name  string `json:"name"`
-}
+var GoogleOAuthScopes = []string{"openid", "email", "profile"}

 type GoogleOAuthService struct {
 	config   oauth2.Config
@@ -91,7 +86,7 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {

 	client := google.config.Client(google.context, google.token)

-	res, err := client.Get("https://www.googleapis.com/userinfo/v2/me")
+	res, err := client.Get("https://openidconnect.googleapis.com/v1/userinfo")
 	if err != nil {
 		return config.Claims{}, err
 	}
@@ -106,16 +101,12 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 		return config.Claims{}, err
 	}

-	var userInfo GoogleUserInfoResponse
-
-	err = json.Unmarshal(body, &userInfo)
+	err = json.Unmarshal(body, &user)
 	if err != nil {
 		return config.Claims{}, err
 	}

-	user.PreferredUsername = strings.Split(userInfo.Email, "@")[0]
-	user.Name = userInfo.Name
-	user.Email = userInfo.Email
+	user.PreferredUsername = strings.SplitN(user.Email, "@", 2)[0]

 	return user, nil
 }