When retrieving userinfo with oauth2_fetch_user_details=true, we sometimes want to disallow account creation if an attribute is not fulfilled.
This commit adds a new register oauth2_basic_required_json_path which will kick in when retrieving userinfo.
It is a configuration error to set oauth2_fetch_user_details to true but leave oauth2_user_json_url empty.
Before, this resulted in an unhandled exception in core. Now it is checked here.
The #queue_jobs= method on site settings has been deprecated and replaced by Jobs.run_later! and Jobs.run_immediately!. This PR replaces usages in this plugin so we can remove the fallback in core.
We're moving the location of the email-overriding logic in https://github.com/discourse/discourse/pull/15378, which makes the old unit test in this plugin fail. This commit makes it an integration test, so that it's more robust against core changes, and will continue to pass before and after the core changes.
Other plugins can tell the authenticator to traverse the user details JSON using custom paths and store the values in the user associated account extra field.
Some identity providers send email_verfied as a 'true'/'false' string, not a boolean. (e.g. this bug in Auth0: https://community.auth0.com/t/27553)
This commit adds automatic handling for this case, so that the string is automatically converted into a real boolean.
This is achieved by surrounding a key with double quotes, or by escaping
the dot character with a backslash.
For example, given the JSON
```
{ "www.example.com/uid": "myuid" }
```
Previously, there was no way to access this value. The dots would make
the parser try to access `json["www"]["example"]["com/uid"]`.
Now, this value can be accessed by using a `oauth2_json_user_id_path` like:
```
www\.example\.com/uid
```
or alternatively:
```
"www.example.com/uid"
```
This brings the plugin in-line with recent core improvements. Advantages include
- Account-linking logic and storage is shared between all authentication providers
- Optionally, users can be allowed to disconnect/reconnect their accounts
- The 'last used' date of an association is recorded
- Association metadata is recorded in the database for use in data explorer and other plugins
Data migration will be performed automatically, and all existing functionality is maintained.
* Add way to use user details returned in token response
* Add spec
* Apply suggestions from code review
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
I feel like this is kind of a hack to handle a change with Auth0 where
the actual user id is inside of an array of identities. While I do think
it would be good to build an actual plugin for Auth0 to better handle
their use case I do feel that it is important that we can handle Auth0
with this plugin for now.
Natalie Tay
Leonardo Mosquera
Jarek Radosz
Ted Johansson
David Taylor
Angus McLeod
Roman Rizzi
Alan Guo Xiang Tan
Josh Kerxhalli-Kleinfield
Penar Musaraj
Guo Xiang Tan
misaka4e21
Blake Erickson
Leo McArdle