custom env for set custom claims for openid

2024-11-07 00:59:52 +00:00 · 2024-06-28 16:31:40 +03:00 · 2024-06-28 16:31:40 +03:00 · 0c3f9a16e3
commit 0c3f9a16e3
parent 24b638fcde
3 changed files with 21 additions and 2 deletions
--- a/backend/apps/webui/main.py
+++ b/backend/apps/webui/main.py
@ -39,6 +39,8 @@ from config import (
    WEBUI_BANNERS,
    ENABLE_COMMUNITY_SHARING,
    AppConfig,
+    OAUTH_USERNAME_CLAIM,
+    OAUTH_PICTURE_CLAIM
 )

 import inspect
@ -74,6 +76,9 @@ app.state.config.BANNERS = WEBUI_BANNERS

 app.state.config.ENABLE_COMMUNITY_SHARING = ENABLE_COMMUNITY_SHARING

+app.state.config.OAUTH_USERNAME_CLAIM = OAUTH_USERNAME_CLAIM
+app.state.config.OAUTH_PICTURE_CLAIM = OAUTH_PICTURE_CLAIM
+
 app.state.MODELS = {}
 app.state.TOOLS = {}
 app.state.FUNCTIONS = {}
--- a/backend/config.py
+++ b/backend/config.py
@ -395,6 +395,18 @@ OAUTH_PROVIDER_NAME = PersistentConfig(
    os.environ.get("OAUTH_PROVIDER_NAME", "SSO"),
 )

+OAUTH_USERNAME_CLAIM = PersistentConfig(
+    "OAUTH_USERNAME_CLAIM",
+    "oauth.oidc.username_claim",
+    os.environ.get("OAUTH_USERNAME_CLAIM", "name"),
+)
+
+OAUTH_PICTURE_CLAIM = PersistentConfig(
+    "OAUTH_USERNAME_CLAIM",
+    "oauth.oidc.avatar_claim",
+    os.environ.get("OAUTH_PICTURE_CLAIM", "picture"),
+)
+

 def load_oauth_providers():
    OAUTH_PROVIDERS.clear()
--- a/backend/main.py
+++ b/backend/main.py
@ -1920,11 +1920,13 @@ async def oauth_callback(provider: str, request: Request, response: Response):
        # If the user does not exist, check if signups are enabled
        if ENABLE_OAUTH_SIGNUP.value:
            # Check if an existing user with the same email already exists
-            existing_user = Users.get_user_by_email(user_data.get("email", "").lower())
+            email_claim = webui_app.state.config.OAUTH_USERNAME_CLAIM
+            existing_user = Users.get_user_by_email(user_data.get(email_claim, "").lower())
            if existing_user:
                raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)

-            picture_url = user_data.get("picture", "")
+            picture_claim = webui_app.state.config.OAUTH_PICTURE_CLAIM
+            picture_url = user_data.get(picture_claim, "")
            if picture_url:
                # Download the profile image into a base64 string
                try: