feat: allow claim mapping for user name with oidc (#3540)

* feat: allow claim mapping for user name with oidc * feat: bats test for claim mapping * test: fix dex config in openid mapping test Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * test: add panva idp Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix: address copilot comments Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> Co-authored-by: Sky Moore <i@msky.me>
2026-06-19 22:27:58 +08:00 · 2025-11-20 08:54:56 -08:00
parent 7fa53f5b0f
commit 64829f9502
10 changed files with 740 additions and 13 deletions
@@ -170,6 +170,16 @@ type OpenIDProviderConfig struct {
 	AuthURL         string
 	TokenURL        string
 	Scopes          []string
+	ClaimMapping    *ClaimMapping `mapstructure:",omitempty"`
+}
+
+// ClaimMapping specifies how OpenID claims are mapped to application fields.
+// It allows customization of which claim is used as the username when authenticating users.
+type ClaimMapping struct {
+	// Username specifies which OpenID claim to use as the username for the authenticated user.
+	// Acceptable values include "preferred_username", "email", "sub", "name", or any custom claim name.
+	// If not configured, the default is "email".
+	Username string `mapstructure:"username,omitempty"`
 }

 type MethodRatelimitConfig struct {
@@ -611,6 +621,7 @@ func (c *Config) Sanitize() *Config {
 					AuthURL:      config.AuthURL,
 					TokenURL:     config.TokenURL,
 					Scopes:       config.Scopes,
+					ClaimMapping: config.ClaimMapping,
 				}
 			}
 		}