From c3e8c1a47bb8c644e2e2ccec4ff8a3977d4d6963 Mon Sep 17 00:00:00 2001
From: Andreas Perhab
Date: Tue, 9 Aug 2022 14:10:41 +0200
Subject: [PATCH] [FIX] auth_oidc: set user_id for auth_oauth inspired by https://github.com/OCA/server-auth/pull/336
---
 auth_oidc/models/res_users.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/auth_oidc/models/res_users.py b/auth_oidc/models/res_users.py
index 806da1f786..1684480fa4 100644
--- a/auth_oidc/models/res_users.py
+++ b/auth_oidc/models/res_users.py
@@ -65,7 +65,12 @@ def auth_oauth(self, provider, params):
 raise AccessDenied()
 validation = oauth_provider._parse_id_token(id_token, access_token)
 # required check
- if not validation.get("user_id"):
+ if "sub" in validation and "user_id" not in validation:
+ # set user_id for auth_oauth, user_id is not an OpenID Connect standard
+ # claim:
+ # https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+ validation["user_id"] = validation["sub"]
+ elif not validation.get("user_id"):
 _logger.error("user_id claim not found in id_token (after mapping).")
 raise AccessDenied()
 # retrieve and sign in user
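Review bot: The required `user_id` check is skipped whenever the new `sub` mapping branch runs, because the check was turned into an `elif`; an ID token whose `sub` is present but empty or null then gets a falsy `user_id` and falls through to the sign-in step instead of raising `AccessDenied`. Whether `_parse_id_token` already rejects such a token is not visible in this hunk, so the guard should stay unconditional: keep the mapping as its own `if` and change the second branch back to `if not validation.get("user_id"):`. `auth_oauth` starts and ends outside the hunk, so the effect on the user lookup that follows is inferred rather than shown.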