Commit 6244c37

zacps and nsarrazin authored
Make compatible with Microsoft Entra (v1 and v2 tokens) (#821)
* Make the profile picture claim optional

  Some identity providers (such as Azure AD) do not provide or support the picture claim. This patch makes it optional.

* Allow using Microsoft Entra v1 tokens

---------

Co-authored-by: Nathan Sarrazin <sarrazin.nathan@gmail.com>
1 parent 43714c0 commit 6244c37

2 files changed: +8 -2 lines changed

src/lib/types/User.ts

Lines changed: 1 addition & 1 deletion
@@ -7,6 +7,6 @@ export interface User extends Timestamps {
77
username?: string;
88
name: string;
99
email?: string;
10-
avatarUrl: string;
10+
avatarUrl: string | undefined;
1111
hfUserId: string;
1212
}
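
Review bot: On the changed `avatarUrl` line, `string | undefined` still makes the property mandatory on every `User` object, whereas the other may-be-absent fields in this interface (`username?`, `email?`) use the optional marker. Consider `avatarUrl?: string;` for consistency, unless forcing callers to set the key explicitly is intended, and check that anything rendering `avatarUrl` handles the missing case.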

src/routes/login/callback/updateUser.ts

Lines changed: 7 additions & 1 deletion
@@ -18,6 +18,12 @@ export async function updateUser(params: {
1818
}) {
1919
const { userData, locals, cookies, userAgent, ip } = params;
2020

21+
// Microsoft Entra v1 tokens do not provide preferred_username, instead the username is provided in the upn
22+
// claim. See https://learn.microsoft.com/en-us/entra/identity-platform/access-token-claims-reference
23+
if (!userData.preferred_username && userData.upn) {
24+
userData.preferred_username = userData.upn as string;
25+
}
26+
2127
const {
2228
preferred_username: username,
2329
name,
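
Review bot: The fallback at new lines 23-25 copies `upn` into `preferred_username` with an unchecked `as string` cast and mutates the caller's `userData` before validation. The cast hides the claim's real type; a non-string `upn` is only caught later because `preferred_username` is parsed as `z.string().optional()`, and the resulting error will name the wrong claim. Consider adding `upn: z.string().optional()` to the schema and deriving `username` from `preferred_username ?? upn` after parsing. Both claims are mutable on the provider side, so it is also worth confirming that the account lookup stays keyed on `sub` and the username is used for display only.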
@@ -28,7 +34,7 @@ export async function updateUser(params: {
2834
.object({
2935
preferred_username: z.string().optional(),
3036
name: z.string(),
31-
picture: z.string(),
37+
picture: z.string().optional(),
3238
sub: z.string(),
3339
email: z.string().email().optional(),
3440
})
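
Review bot: On `picture: z.string().optional()`, `.optional()` accepts an absent or `undefined` claim but still rejects `null`, so a provider that sends `"picture": null` will fail validation just as before. If that case should be tolerated, use `.nullish()` and map `null` to `undefined`. When the claim is present it is accepted as any string, while `email` in the same object gets `.email()`; `z.string().url().optional()` would give the picture the same level of validation.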
