OIDC: Option for Username instead of Email #793

Open
57194 opened this issue Aug 7, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

57194 commented Aug 7, 2024

It would be nice if one could configure it so when logging in with OIDC it reads the username field rather than email field.

Edit: Biggest reason is if my OIDC users want to share their bookmarks, they'd be able to do that without sharing their email address with the world (or just other users if not sharing publicly).

@57194 57194 changed the title OIDC: Configure Field for Username OIDC: Option for Username instead of Email Aug 7, 2024
57194 commented Aug 12, 2024

OIDC_USERNAME_ALGO = "bookmarks.utils.generate_username"

linkding/bookmarks/utils.py

Lines 117 to 123 in fbc97a3

import unicodedata

def generate_username(email):
    # taken from mozilla-django-oidc docs :)
    # Using Python 3 and Django 1.11+, usernames can contain alphanumeric
    # (ascii and unicode), _, @, +, . and - characters. So we normalize
    # it and slice at 150 characters.
    return unicodedata.normalize("NFKC", email)[:150]

I don't understand how the email parameter is being passed at all, but my proposal is basically an additional config option, like OIDC_USERNAME_CLAIM or something that takes a string with the desired scope. If unset, the default should of course be email for the current behavior.


Authelia, for instance, offers a lot of claim options:

  "claims_supported": [
    "amr",
    "aud",
    "azp",
    "client_id",
    "exp",
    "iat",
    "iss",
    "jti",
    "rat",
    "sub",
    "auth_time",
    "nonce",
    "email",
    "email_verified",
    "alt_emails",
    "groups",
    "preferred_username",
    "name"
  ],

@sissbruecker sissbruecker added the enhancement New feature or request label Aug 28, 2024
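
A sketch of the option proposed in this thread, added here as an example; it is not linkding's or mozilla-django-oidc's code. `OIDC_USERNAME_CLAIM` is the hypothetical setting name from the issue, `username_from_claims` is a hypothetical helper, and the function assumes it is handed the ID-token claims as a dict. When the configured claim is missing it refuses rather than silently falling back to the email address.

```python
import re
import unicodedata

# Hypothetical setting from the issue; "email" reproduces the current behaviour.
OIDC_USERNAME_CLAIM = "preferred_username"

# Same character set as Django's default username validator: \w plus . @ + -
_ALLOWED = re.compile(r"^[\w.@+-]+\Z")

# Constructed sample claims, shaped like an ID token from an OIDC provider.
SAMPLE_CLAIMS = {
    "iss": "https://idp.example.invalid",
    "sub": "6f1c0c2e-constructed",
    "email": "alice@example.com",
    "preferred_username": "alice",
}


def username_from_claims(claims, claim_name=OIDC_USERNAME_CLAIM):
    """Return the local username for these claims, or None to refuse."""
    value = claims.get(claim_name)
    # Providers may omit optional claims or send non-string values.
    if not isinstance(value, str) or not value.strip():
        return None
    # Same normalisation and length cap as generate_username() above.
    username = unicodedata.normalize("NFKC", value.strip())[:150]
    # Reject anything the user model would not accept as a username.
    return username if _ALLOWED.match(username) else None


if __name__ == "__main__":
    print(username_from_claims(SAMPLE_CLAIMS))           # configured claim
    print(username_from_claims(SAMPLE_CLAIMS, "email"))  # current behaviour
```

OpenID Connect Core says a relying party must not rely on `preferred_username` being unique, and NFKC folding can map two distinct provider values to the same local name, so the account lookup should stay keyed on `iss` plus `sub` with this value used only as the display username.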