Merge branch 'jj-388176-add-fields-to-openid' into 'master'

Add more fields to OAuthID token See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110922 Merged-by: Ahmed Hemdan <ahemdan@gitlab.com> Approved-by: Aakriti Gupta <agupta@gitlab.com> Approved-by: Ahmed Hemdan <ahemdan@gitlab.com> Reviewed-by: Ahmed Hemdan <ahemdan@gitlab.com> Co-authored-by: Joseph Wambua <jjoshua@gitlab.com>

Merge branch 'jj-388176-add-fields-to-openid' into 'master'
ba482b6c · Ahmed Hemdan · 36768dbd · 7f815629 · ba482b6c · ba482b6c
Commit ba482b6c authored 2 years ago by Ahmed Hemdan
--- a/config/initializers/doorkeeper_openid_connect.rb
+++ b/config/initializers/doorkeeper_openid_connect.rb
@@ -31,9 +31,9 @@
        Digest::SHA256.hexdigest "#{user.id}-#{Rails.application.secrets.secret_key_base}"
      end
  
-      o.claim(:name)                     { |user| user.name }
-      o.claim(:nickname)                 { |user| user.username }
-      o.claim(:preferred_username)       { |user| user.username }
+      o.claim(:name, response: [:id_token, :user_info]) { |user| user.name }
+      o.claim(:nickname, response: [:id_token, :user_info]) { |user| user.username }
+      o.claim(:preferred_username, response: [:id_token, :user_info]) { |user| user.username }
  
      # Check whether the application has access to the email scope, and grant
      # access to the user's primary email address if so, otherwise their
@@ -55,10 +55,10 @@
        end
      end
  
-      o.claim(:website)        { |user| user.full_website_url if user.website_url.present? }
-      o.claim(:profile)        { |user| Gitlab::Routing.url_helpers.user_url user }
-      o.claim(:picture)        { |user| user.avatar_url(only_path: false) }
-      o.claim(:groups)         { |user| user.membership_groups.joins(:route).with_route.map(&:full_path) }
+      o.claim(:website, response: [:id_token, :user_info]) { |user| user.full_website_url if user.website_url.present? }
+      o.claim(:profile, response: [:id_token, :user_info]) { |user| Gitlab::Routing.url_helpers.user_url user }
+      o.claim(:picture, response: [:id_token, :user_info]) { |user| user.avatar_url(only_path: false) }
+      o.claim(:groups) { |user| user.membership_groups.joins(:route).with_route.map(&:full_path) }
      o.claim(:groups_direct, response: [:id_token]) { |user| user.groups.joins(:route).with_route.map(&:full_path) }
      o.claim('https://gitlab.org/claims/groups/owner') do |user|
        user.owned_groups.joins(:route).with_route.map(&:full_path).presence

--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -192,7 +192,7 @@ def request_user_info!
      end
  
      it 'does not include any unknown properties' do
-        expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy email email_verified groups_direct]
+        expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy name nickname preferred_username email email_verified website profile picture groups_direct]
      end
  
      it 'does include groups' do