[PR #797] [MERGED] feat(auth): add ForceUserInfo option to OpenID provider #951

Closed
opened 2025-11-01 21:07:53 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/go-vikunja/vikunja/pull/797
Author: @maggch97
Created: 5/19/2025
Status: Merged
Merged: 5/20/2025
Merged by: @kolaente

Base: main ← Head: user/weijiezhao/forceUserInfo


📝 Commits (4)

  • d0c4f1c feat(auth): add ForceUserInfo option to OpenID provider
  • 4c1e5a9 Add unit test for ForceUserInfo
  • c685639 Merge branch 'main' into user/weijiezhao/forceUserInfo
  • e2029c7 Remove provideName param

📊 Changes

4 files changed (+177 additions, -19 deletions)

📝 config-raw.json (+5 -0)
📝 pkg/modules/auth/openid/openid.go (+34 -19)
📝 pkg/modules/auth/openid/openid_test.go (+124 -0)
📝 pkg/modules/auth/openid/providers.go (+14 -0)

📄 Description

Add ForceUserInfo option to OpenID provider

Problem

When using Casdoor as an OpenID provider, there's an inconsistency between the user information in the JWT token and the UserInfo endpoint. The token contains the user's unique ID in the name field, while the UserInfo endpoint correctly returns the user's display name.

Solution

This PR adds a new ForceUserInfo option to the OpenID provider configuration. When enabled, it forces the use of the UserInfo endpoint to retrieve user information instead of relying on claims from the ID token.

Impact

  • Default behavior remains unchanged (backward compatible)
  • New option allows administrators to force using UserInfo endpoint data
  • Particularly useful for providers like Casdoor that don't fully comply with OIDC standards

Related

I've opened an issue in the Casdoor repository (https://github.com/casdoor/casdoor/issues/3806) to discuss the root cause. However, changing Casdoor's token structure might cause significant compatibility issues for existing integrations, so it's unclear if this can be fixed at the provider level. This PR provides a workaround in Vikunja that doesn't affect existing functionality.

Docs PR: https://github.com/go-vikunja/website/pull/107


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
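
The claim selection described above, as an added Go example (not the code from this PR): `ResolveClaims`, `Claims` and the `fetch` callback are hypothetical names, and the sample values are constructed. It also applies the OpenID Connect Core 5.3.2 rule that the UserInfo `sub` must match the ID token `sub` before any UserInfo value is used.

```go
package main

import (
	"errors"
	"fmt"
)

// Claims is the subset of OIDC claims used to build a local profile.
// Illustrative type, not Vikunja's own.
type Claims struct{ Sub, Name, Email string }

// ErrSubMismatch signals a UserInfo response issued for a different subject.
var ErrSubMismatch = errors.New("userinfo sub does not match ID token sub")

// pick returns preferred unless it is empty.
func pick(preferred, fallback string) string {
	if preferred != "" {
		return preferred
	}
	return fallback
}

// ResolveClaims models the option described above. fetch is a hypothetical
// callback that queries the UserInfo endpoint with the access token.
func ResolveClaims(idToken Claims, forceUserInfo bool, fetch func() (Claims, error)) (Claims, error) {
	if !forceUserInfo {
		return idToken, nil // default path: ID token claims only (assumed)
	}
	ui, err := fetch()
	if err != nil {
		// Fail closed: do not silently fall back to claims the admin distrusts.
		return Claims{}, fmt.Errorf("userinfo request failed: %w", err)
	}
	// OpenID Connect Core 5.3.2: the UserInfo sub must exactly match the
	// signature-verified ID token sub, otherwise the response must not be used.
	if ui.Sub != idToken.Sub {
		return Claims{}, ErrSubMismatch
	}
	return Claims{
		Sub:   idToken.Sub, // identity always comes from the verified token
		Name:  pick(ui.Name, idToken.Name),
		Email: pick(ui.Email, idToken.Email),
	}, nil
}

func main() {
	// Constructed sample: the token carries the user ID in the name claim.
	tok := Claims{Sub: "u-1001", Name: "u-1001", Email: "alice@example.com"}
	ui := func() (Claims, error) { return Claims{Sub: "u-1001", Name: "Alice Example"}, nil }
	c, err := ResolveClaims(tok, true, ui)
	fmt.Println(c.Name, err)
}
```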

GiteaMirror added the pull-request label 2025-11-01 21:07:53 -05:00
Reference: github-starred/vikunja#951