Add missing scope and claim config values

Author: yflory

client/extensions.js

@@ -221,12 +221,17 @@ define([
                         const pkInput = blocks.textarea();
                         const pkLabel = blocks.labelledInput(MyMessages.provider_saml_private, pkInput);
 
+                        // User name
+                        const nameInput = blocks.input();
+                        const nameLabel = blocks.labelledInput(MyMessages.provider_saml_name, nameInput);
+
                         if (isEdit) {
                             urlInput.value = isEdit.url;
                             issuerInput.value = isEdit.issuer || '';
                             idpcInput.value = isEdit.cert || '';
                             spcInput.value = isEdit.signingCert || '';
                             pkInput.value = isEdit.privateKey || '';
+                            nameInput.value = isEdit.username_attr || '';
                         }
 
                         getValues = () => {
@@ -237,7 +242,8 @@ define([
                                 issuer: issuerInput.value,
                                 cert: idpcInput.value,
                                 signingCert: spcInput.value,
-                                privateKey: pkInput.value
+                                privateKey: pkInput.value,
+                                username_attr: nameInput.value
                             };
                         };
 
@@ -264,7 +270,7 @@ define([
                         const idAlgLabel = blocks.labelledInput(MyMessages.provider_oidc_idalg, idAlgInput);
 
                         // User Info alg
-                        const userAlgInput = blocks.input({placeholder:'PS256'});
+                        const userAlgInput = blocks.input();
                         const userAlgLabel = blocks.labelledInput(MyMessages.provider_oidc_useralg, userAlgInput);
 
                         // PKCE
@@ -273,6 +279,12 @@ define([
                         // Nonce
                         const nonce = blocks.checkbox(`sso-nonce-${uid}`, MyMessages.provider_oidc_nonce, true);
 
+                        // User name
+                        const userScopeInput = blocks.input({placeholder:'profile'});
+                        const userScopeLabel = blocks.labelledInput(MyMessages.provider_oidc_userscope, userScopeInput);
+                        const userClaimInput = blocks.input({placeholder:'name'});
+                        const userClaimLabel = blocks.labelledInput(MyMessages.provider_oidc_userclaim, userClaimInput);
+
                         if (isEdit) {
                             urlInput.value = isEdit.url || '';
                             cidInput.value = isEdit.client_id || '';
@@ -281,6 +293,8 @@ define([
                             userAlgInput.value = isEdit.userinfo_token_alg || isEdit.jwt_alg || '';
                             $(pkce).find('input').prop('checked', isEdit.use_pkce !== false);
                             $(nonce).find('input').prop('checked', isEdit.use_nonce !== false);
+                            userScopeInput.value = isEdit.username_scope || '';
+                            userClaimInput.value = isEdit.username_claim || '';
                         }
 
                         getValues = () => {
@@ -293,10 +307,12 @@ define([
                                 id_token_alg: idAlgInput.value || isEdit.jwt_alg || undefined,
                                 userinfo_token_alg: userAlgInput.value || isEdit.jwt_alg || undefined,
                                 use_nonce: $(nonce).find('input').is(':checked'),
-                                use_pkce: $(pkce).find('input').is(':checked')
+                                use_pkce: $(pkce).find('input').is(':checked'),
+                                username_scope: userScopeInput.value,
+                                username_claim: userClaimInput.value,
                             };
                         };
-                        $(form).append([urlLabel, cidLabel, secretLabel, idAlgLabel, userAlgLabel, pkce, nonce]);
+                        $(form).append([urlLabel, cidLabel, secretLabel, idAlgLabel, userAlgLabel, pkce, nonce, userScopeLabel, userClaimLabel]);
                     });
 
                     if (isEdit) {

client/translations/messages.json

@@ -24,9 +24,12 @@
     "provider_oidc_useralg":"User Info response algorithm",
     "provider_oidc_pkce":"Use PKCE code challenge",
     "provider_oidc_nonce":"Use nonce",
+    "provider_oidc_userscope":"Username Scope",
+    "provider_oidc_userclaim":"Username Claim",
     "provider_saml_issuer":"Issuer ID",
     "provider_saml_idpcert":"IdP certificate",
     "provider_saml_providercert":"Service provider certificate",
     "provider_saml_private":"Private signing key",
+    "provider_saml_name":"Username attribute",
     "provider_remove_confirm": "Remove this identity provider?"
 }

protocols/oidc.js

@@ -15,7 +15,7 @@ module.exports = (SSOUtils) => {
             Env.Log.verbose('DISCOVERED_OPENID_ISSUER', {name:cfg.name});
 
             let id_alg = cfg.id_token_alg || cfg.jwt_alg || 'PS256';
-            let user_alg = cfg.userinfo_token_alg || cfg.jwt_alg || 'PS256';
+            let user_alg = cfg.userinfo_token_alg || cfg.jwt_alg || '';
 
             // ID token alg supported
             let its = issuer.id_token_signing_alg_values_supported;