feat: fail if oidc provide does not provide a sub or id
parent
4ee629366b
commit
6907b2ed3c
1 changed files with 12 additions and 0 deletions
|
|
@ -105,6 +105,8 @@ defmodule Mv.Accounts.User do
|
||||||
upsert? true
|
upsert? true
|
||||||
upsert_identity :unique_oidc_id
|
upsert_identity :unique_oidc_id
|
||||||
|
|
||||||
|
validate &__MODULE__.validate_oidc_id_present/2
|
||||||
|
|
||||||
change AshAuthentication.GenerateTokenChange
|
change AshAuthentication.GenerateTokenChange
|
||||||
|
|
||||||
change fn changeset, _ctx ->
|
change fn changeset, _ctx ->
|
||||||
|
|
@ -125,6 +127,16 @@ defmodule Mv.Accounts.User do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def validate_oidc_id_present(changeset, _context) do
|
||||||
|
user_info = Ash.Changeset.get_argument(changeset, :user_info) || %{}
|
||||||
|
|
||||||
|
if is_binary(user_info["sub"]) or is_binary(user_info["id"]) do
|
||||||
|
:ok
|
||||||
|
else
|
||||||
|
{:error, [user_info: "OIDC user_info must contain a non-empty 'sub' or 'id' field"]}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
attributes do
|
attributes do
|
||||||
uuid_primary_key :id
|
uuid_primary_key :id
|
||||||
|
|
||||||
|
|
|
||||||
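Review bot: In `validate_oidc_id_present/2` the check `is_binary(user_info["sub"]) or is_binary(user_info["id"])` accepts an empty string, although the error message promises a non-empty value. Because the action upserts on `:unique_oidc_id`, logins whose provider returns a blank `sub` would presumably all resolve to the same user record, so the blank case should be rejected here. Consider `if Enum.any?(["sub", "id"], &(is_binary(user_info[&1]) and String.trim(user_info[&1]) != "")) do`. The `change fn` that derives the stored identifier continues outside the visible lines; if it picks the value with `user_info["sub"] || user_info["id"]`, an empty `sub` would still win over a valid `id` because `""` is truthy in Elixir, so it should apply the same rule. A short `@doc` and `@spec` on this public function, stating that it returns `:ok` or `{:error, keyword}`, would also help.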