[FIX] auth_oidc: set user_id for auth_oauth

inspired by OCA#336
ap-wtioit · Feb 28, 2024 · c3e8c1a · c3e8c1a
1 parent 3f8e757
commit c3e8c1a
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/auth_oidc/models/res_users.py b/auth_oidc/models/res_users.py
@@ -65,7 +65,12 @@ def auth_oauth(self, provider, params):
             raise AccessDenied()
         validation = oauth_provider._parse_id_token(id_token, access_token)
         # required check
-        if not validation.get("user_id"):
+        if "sub" in validation and "user_id" not in validation:
+            # set user_id for auth_oauth, user_id is not an OpenID Connect standard
+            # claim:
+            # https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+            validation["user_id"] = validation["sub"]
+        elif not validation.get("user_id"):
             _logger.error("user_id claim not found in id_token (after mapping).")
             raise AccessDenied()
         # retrieve and sign in user