diff --git a/changelog/3.0.0_2023-05-22/fix-idp-sub-recreation.md b/changelog/3.0.0_2023-05-22/fix-idp-sub-recreation.md
index af724c69eca..7ce6ad4fc56 100644
--- a/changelog/3.0.0_2023-05-22/fix-idp-sub-recreation.md
+++ b/changelog/3.0.0_2023-05-22/fix-idp-sub-recreation.md
@@ -8,3 +8,5 @@ claim. So that user's recreated with the same name will be treated as different users by the IDP. https://github.com/owncloud/ocis/issues/904
+https://github.com/owncloud/ocis/pull/6326
+https://github.com/owncloud/ocis/pull/6338
diff --git a/services/idp/pkg/config/config.go b/services/idp/pkg/config/config.go
index 1b18560fbfc..6439d2e8a8c 100644
--- a/services/idp/pkg/config/config.go
+++ b/services/idp/pkg/config/config.go
@@ -61,6 +61,7 @@ type Client struct {
 ID string `yaml:"id"`
 Name string `yaml:"name"`
 Trusted bool `yaml:"trusted"`
+ ImplicitScopes []string `yaml:"implicit_scopes"`
 Secret string `yaml:"secret"`
 RedirectURIs []string `yaml:"redirect_uris"`
 Origins []string `yaml:"origins"`
diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go
index dc6f2ebedea..eb5f81db404 100644
--- a/services/idp/pkg/config/defaults/defaultconfig.go
+++ b/services/idp/pkg/config/defaults/defaultconfig.go
@@ -71,9 +71,10 @@ func DefaultConfig() *config.Config {
 },
 Clients: []config.Client{
 {
- ID: "web",
- Name: "ownCloud Web app",
- Trusted: true,
+ ID: "web",
+ Name: "ownCloud Web app",
+ ImplicitScopes: []string{"LibgreGraph.UUID"},
+ Trusted: true,
 RedirectURIs: []string{
 "{{OCIS_URL}}/",
 "{{OCIS_URL}}/oidc-callback.html",
@@ -87,6 +88,7 @@ func DefaultConfig() *config.Config {
 ID: "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
 Secret: "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
 Name: "ownCloud desktop app",
+ ImplicitScopes: []string{"LibgreGraph.UUID"},
 ApplicationType: "native",
 RedirectURIs: []string{
 "http://127.0.0.1",
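Review bot: The added `ImplicitScopes` field has no doc comment, and the name alone does not say whether these scopes are granted on top of whatever the client requests or whether they also bypass the consent step — a distinction that matters because the default clients in this same change use it to attach the scope whose claim the proxy is being switched to for user identification. Suggest `// ImplicitScopes are scopes this client is granted without having to request them; they determine which extra claims (e.g. the UUID claim) its tokens carry.` — the "without having to request them" reading is inferred from the name and should be confirmed against the IdP's scope handling before it is written down. The `Client` struct starts and ends outside the hunk.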
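Review bot: The scope name `LibgreGraph.UUID` is pasted as a bare string literal into this client entry and into the other three client hunks of this file, with no single definition to check it against; a typo in one copy compiles fine but silently issues that client tokens without the UUID claim, after which the proxy — whose default claim is switched to `lg.uuid` in this same change — can no longer resolve the user. The spelling `LibgreGraph` rather than `LibreGraph` is exactly the kind of thing such a constant would pin down; if that is the name the IdP actually registers it is fine, but it should be written once. Declare it once, e.g. `const ScopeLibgreGraphUUID = "LibgreGraph.UUID"` in the idp config package, and use `ImplicitScopes: []string{config.ScopeLibgreGraphUUID}` in all four clients; if the embedded IdP library already exports the scope name as a constant, reference that instead. `DefaultConfig` starts and ends outside the hunk.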
@@ -97,6 +99,7 @@ func DefaultConfig() *config.Config {
 ID: "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
 Secret: "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD",
 Name: "ownCloud Android app",
+ ImplicitScopes: []string{"LibgreGraph.UUID"},
 ApplicationType: "native",
 RedirectURIs: []string{
 "oc://android.owncloud.com",
@@ -106,6 +109,7 @@ func DefaultConfig() *config.Config {
 ID: "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
 Secret: "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx",
 Name: "ownCloud iOS app",
+ ImplicitScopes: []string{"LibgreGraph.UUID"},
 ApplicationType: "native",
 RedirectURIs: []string{
 "oc://ios.owncloud.com",
diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go
index 8e4cbbef3a6..3476662b010 100644
--- a/services/proxy/pkg/command/server.go
+++ b/services/proxy/pkg/command/server.go
@@ -340,8 +340,10 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config,
 if cfg.EnableBasicAuth {
 logger.Warn().Msg("basic auth enabled, use only for testing or development")
 authenticators = append(authenticators, middleware.BasicAuthenticator{
- Logger: logger,
- UserProvider: userProvider,
+ Logger: logger,
+ UserProvider: userProvider,
+ UserCS3Claim: cfg.UserCS3Claim,
+ UserOIDCClaim: cfg.UserOIDCClaim,
 })
 }
diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go
index 16ee92d710d..9c21bbf2c0b 100644
--- a/services/proxy/pkg/config/defaults/defaultconfig.go
+++ b/services/proxy/pkg/config/defaults/defaultconfig.go
@@ -74,8 +74,8 @@ func DefaultConfig() *config.Config {
 Enabled: true,
 },
 AccountBackend: "cs3",
- UserOIDCClaim: "preferred_username",
- UserCS3Claim: "username",
+ UserOIDCClaim: "lg.uuid",
+ UserCS3Claim: "userid",
 AutoprovisionAccounts: false,
 EnableBasicAuth: false,
 InsecureBackends: false,
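Review bot: `BasicAuthenticator` is now handed `cfg.UserCS3Claim` and `cfg.UserOIDCClaim`, whose defaults elsewhere in this change become `userid` and `lg.uuid` — identifiers, not names — while a basic-auth credential is a typed username; nothing in this hunk shows whether the authenticator uses the two settings to look the user up (which would break under the UUID defaults) or to populate the synthetic claims a later middleware consumes (which would be fine), and the wiring site should say which. Please add a comment such as `// claim names must match the account resolver's so the claims synthesized for a basic-auth login are the ones it looks for` — worded to whichever of the two it actually is — or, if the first reading is correct, validate at startup that the configured claims are usable with basic auth rather than leaving a test-only path that silently fails. I cannot see `BasicAuthenticator`'s implementation, so this may already be handled; `loadMiddlewares` starts and ends outside the hunk.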
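Review bot: Switching the defaults from `preferred_username`/`username` to `lg.uuid`/`userid` is the right fix for the recreated-user problem the changelog describes (a name is reassignable, a UUID is not), but the two lines carry no why-comment, so the next person whose external IdP does not emit `lg.uuid` will be tempted to flip them straight back to a name. Add above the pair: `// Identify users by a stable, non-reusable id rather than preferred_username, so a user deleted and recreated with the same name is not mapped onto the old account.` It is also worth stating, here or in the deployment docs, that with an external IdP both values must be changed together to a claim that is likewise immutable (e.g. `sub`), never to a display or login name. Whether the proxy rejects a token that lacks the configured claim or falls back to something else is not visible from this hunk and should be confirmed, since a silent fallback to a name claim would reintroduce the issue. `DefaultConfig` starts and ends outside the hunk.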