OAuth userinfo empty name fallback #19382

Open
luwol03 opened this issue Apr 12, 2022 · 2 comments

@luwol03 luwol03 commented Apr 12, 2022

Feature Description

I tried to set up Gitea as an OAuth provider for my new penpot instance. However, I always got errors from penpot that something is wrong (described here: penpot/penpot#1802). After a while of debugging, I found out that the empty name in the user_info response of the OAuth process is causing those problems.

// GET http://myserver:3333/login/oauth/userinfo
{
    "sub": "2",
    "name": "",
    "preferred_username": "user1",
    "email": "[email protected]",
    "picture": "http://myserver:3333/avatar/XXXXXXXXXXXXXXXXXX",
    "groups": null
}

However I feel like returning the value of preferred_username in the name field instead of an empty name (which can cause many issues) would be a good choice.

Screenshots

No response

@wxiaoguang wxiaoguang (Contributor) commented Apr 12, 2022

FYI:

| Claim | Type | Description |
| --- | --- | --- |
| preferred_username | String | The primary username that represents the user. It could be an email address, phone number, or a generic username without a specified format. Its value is mutable and might change over time. Since it is mutable, this value must not be used to make authorization decisions. It can be used for username hints, however, and in human-readable UI as a username. The profile scope is required in order to receive this claim. Present only in v2.0 tokens. |
| name | String | The name claim provides a human-readable value that identifies the subject of the token. The value isn't guaranteed to be unique, it can be changed, and it's designed to be used only for display purposes. The profile scope is required to receive this claim. |

And the fix could be easy:
change the Name: ctx.Doer.FullName, to Name: ctx.Doer.GetDisplayName(), in auth/oauth.go.

@luwol03 luwol03 (Author) commented Apr 12, 2022

I suppose that the function returns the username but prefers the full username, right?

And thank you for that table. Never knew that preferred_username could actually be any user field like username, email, ...
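
An added example (not part of the thread, and not Gitea's or penpot's code) of how a relying party could consume the userinfo response shown in the issue: it tolerates an empty name by falling back to preferred_username for display only, and identifies the account by issuer and sub, since the quoted claim description says the mutable claims must not be used for authorization decisions. The `Account` type and `accountFromUserInfo` function are hypothetical names, and the sample body is constructed from the response in the issue.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// UserInfo holds the claims from the userinfo response shown in the issue.
type UserInfo struct {
	Sub               string `json:"sub"`
	Name              string `json:"name"`
	PreferredUsername string `json:"preferred_username"`
}

// Account is a hypothetical local record built by the relying party.
type Account struct {
	Issuer, Subject string // stable identity; never derived from a mutable claim
	DisplayName     string // UI only, not an authorization input
}

// accountFromUserInfo parses a userinfo body and tolerates an empty "name".
func accountFromUserInfo(issuer string, body []byte) (Account, error) {
	var ui UserInfo
	if err := json.Unmarshal(body, &ui); err != nil {
		return Account{}, fmt.Errorf("decode userinfo: %w", err)
	}
	if strings.TrimSpace(ui.Sub) == "" {
		return Account{}, errors.New("userinfo: missing sub claim")
	}
	// Display fallback chain: name, then preferred_username, then sub.
	display := ui.Sub
	for _, c := range []string{ui.Name, ui.PreferredUsername} {
		if c = strings.TrimSpace(c); c != "" {
			display = c
			break
		}
	}
	return Account{Issuer: issuer, Subject: ui.Sub, DisplayName: display}, nil
}

func main() {
	// Constructed sample modelled on the response in the issue (empty name).
	body := []byte(`{"sub":"2","name":"","preferred_username":"user1","groups":null}`)
	acct, err := accountFromUserInfo("http://myserver:3333", body)
	fmt.Println(acct, err)
}
```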
