Added mapper configs for known OIdC providers
- These mapper configs are prefilled in the UI automatically. - Removed description from required in Kratos identity schema.
@@ -52,7 +52,6 @@
|
||||
"required": [
|
||||
"first_name",
|
||||
"last_name",
|
||||
"description",
|
||||
"email"
|
||||
],
|
||||
"additionalProperties": false
|
||||
|
||||
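--- /dev/null
+++ b/_kratos/oidc-mappers/facebook.jsonnet
@@ -0,0 +1,14 @@
+// scopes: email
+// Issuer Url: https://www.facebook.com
+
+local claims = std.extVar('claims');
+{
+identity: {
+traits: {
+// The email might be empty if the user hasn't granted permissions for the email scope.
+[if "email" in claims then "email" else null]: claims.email,
+[if "given_name" in claims then "first_name" else null]: claims.given_name,
+[if "family_name" in claims then "last_name" else null]: claims.family_name,
+},
+},
+}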
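Review bot: The email trait is taken straight from `claims.email` with no verification signal — this mapper never consults an `email_verified` claim the way github.jsonnet and gitlab.jsonnet do — so a Facebook-asserted address should not be used for account linking or as a password login identifier unless a separate verification flow confirms it. The computed key only omits the trait when the claim is absent; with `email` still listed under `required` in the identity schema hunk above, a user who withheld the email permission would presumably fail schema validation at registration rather than get a partial identity, which is worth confirming is the intended outcome. I'd add a comment above the email line: `// No email_verified claim is consulted here; treat this address as unverified for linking/login purposes.`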
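--- /dev/null
+++ b/_kratos/oidc-mappers/github.jsonnet
@@ -0,0 +1,25 @@
+// scopes: user:email
+// Issuer Url: https://github.com/login/oauth/authorize
+
+local claims = {
+email_verified: false
+} + std.extVar('claims');
+
+local fName = if "name" in claims && claims.name!=null && std.length(std.findSubstr(" ", claims.name)) > 0 then std.splitLimit(claims.name, " ", 1)[0] else "undefined";
+local lName = if "name" in claims && claims.name!=null && std.length(std.findSubstr(" ", claims.name)) > 0 then std.splitLimit(claims.name, " ", 1)[1] else "undefined";
+
+{
+identity: {
+traits: {
+// Allowing unverified email addresses enables account
+// enumeration attacks, especially if the value is used for
+// e.g. verification or as a password login identifier.
+//
+// Therefore we only return the email if it (a) exists and (b) is marked verified
+// by GitHub.
+[if "email" in claims && claims.email_verified then "email" else null]: claims.email,
+first_name: fName,
+last_name: lName,
+},
+},
+}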
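Review bot: When `claims.name` is absent, null, or contains no space, both `fName` and `lName` collapse to the literal string `"undefined"`, so a single-word display name such as `torvalds` is stored as first_name = last_name = "undefined" in real identity traits. Presumably this works around first_name/last_name being required in the identity schema, but the available name should be kept: `local parts = if "name" in claims && claims.name != null && claims.name != "" then std.splitLimit(claims.name, " ", 1) else [];` `local fName = if std.length(parts) > 0 then parts[0] else "undefined";` `local lName = if std.length(parts) > 1 then parts[1] else "undefined";` — a single-word name then becomes first_name and only last_name falls back. Separately, the `// Issuer Url:` header points at `https://github.com/login/oauth/authorize`, which is the OAuth2 authorization endpoint rather than an OIDC issuer; since this provider is plain OAuth2, the comment should read something like `// Provider: github (OAuth2; no OIDC issuer URL)` so the value is not pasted into an issuer field.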
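--- /dev/null
+++ b/_kratos/oidc-mappers/gitlab.jsonnet
@@ -0,0 +1,25 @@
+// scopes: email, profile, read_user, openid
+// Issuer Url: https://gitlab.com
+
+local claims = {
+email_verified: false
+} + std.extVar('claims');
+
+local fName = if "name" in claims && claims.name!=null && std.length(std.findSubstr(" ", claims.name)) > 0 then std.splitLimit(claims.name, " ", 1)[0] else "undefined";
+local lName = if "name" in claims && claims.name!=null && std.length(std.findSubstr(" ", claims.name)) > 0 then std.splitLimit(claims.name, " ", 1)[1] else "undefined";
+
+{
+identity: {
+traits: {
+// Allowing unverified email addresses enables account
+// enumeration attacks, if the value is used for
+// verification or as a password login identifier.
+//
+// Therefore we only return the email if it (a) exists and (b) is marked verified
+// by GitLab.
+[if "email" in claims && claims.email_verified then "email" else null]: claims.email,
+first_name: fName,
+last_name: lName,
+},
+},
+}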
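Review bot: The `fName`/`lName` helpers and the `email_verified: false` guard are a verbatim copy of github.jsonnet, so the `"undefined"` fallback for single-word or missing names applies here as well and any fix has to be replicated across github.jsonnet, gitlab.jsonnet and slack.jsonnet; if the Kratos mapper loader permits it, a shared `import 'name.libsonnet'` would keep the three in sync. On least privilege, the header requests `read_user` alongside `openid, email, profile`, yet the mapper only reads `name`, `email` and `email_verified`, which the OIDC userinfo scopes already supply — unless the Kratos GitLab provider needs `read_user` for its own lookups, it looks droppable. I'd record whichever answer holds in the header, e.g. `// scopes: openid, email, profile (read_user only if required by the provider, not by this mapper)`.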
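--- /dev/null
+++ b/_kratos/oidc-mappers/google.jsonnet
@@ -0,0 +1,16 @@
+// scopes: email, profile
+// Issuer Url: https://accounts.google.com
+
+local claims = {
+email_verified: true
+} + std.extVar('claims');
+
+{
+identity: {
+traits: {
+[if "email" in claims && claims.email_verified then "email" else null]: claims.email,
+[if "given_name" in claims then "first_name" else null]: claims.given_name,
+[if "family_name" in claims then "last_name" else null]: claims.family_name,
+},
+},
+}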
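Review bot: The default `email_verified: true` is fail-open: whenever the provider omits the claim — or a differently configured issuer is ever pointed at this mapper — the guard on the email line passes and an unverified address becomes the identity's email. The github and gitlab mappers in this same commit default to `false`, and Google's OIDC tokens do carry `email_verified`, so the safe default is the same here: `email_verified: false`. If the intent was to document that Google always verifies addresses, state that in a comment rather than encoding it as the fallback value.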
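--- /dev/null
+++ b/_kratos/oidc-mappers/slack.jsonnet
@@ -0,0 +1,24 @@
+// scopes: identity.basic, identity.email
+// Issuer Url: https://slack.com
+
+local claims = {
+email_verified: true
+} + std.extVar('claims');
+
+local fName = if "name" in claims && claims.name!=null && std.length(std.findSubstr(" ", claims.name)) > 0 then std.splitLimit(claims.name, " ", 1)[0] else "undefined";
+local lName = if "name" in claims && claims.name!=null && std.length(std.findSubstr(" ", claims.name)) > 0 then std.splitLimit(claims.name, " ", 1)[1] else "undefined";
+
+{
+identity: {
+traits: {
+// Allowing unverified email addresses enables account
+// enumeration attacks, if the value is used for
+// verification or as a password login identifier.
+//
+// It's assumed that Slack requires an email to be verified to be accessible via OAuth (because they don't provide a email_verified field).
+email: claims.email,
+first_name: fName,
+last_name: lName,
+},
+},
+}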
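Review bot: `email: claims.email` reads the field unconditionally, so if no email is returned (user withheld `identity.email`, or the scope is removed) Jsonnet fails with a missing-field error instead of omitting the trait the way every other mapper in this commit does with its computed key; meanwhile the `email_verified: true` default defined above is never consulted by anything. I'd mirror the other files with `[if "email" in claims then "email" else null]: claims.email,` and either delete the unused `email_verified` default or actually check it in that key. The existing comment already admits no verification signal is available, so the trailing sentence should make the consequence explicit: `// Treat this address as unverified for account linking and password-login identifiers.`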