authorLibravatar Dominik Süß <dominik@suess.wtf>2022-12-06 14:15:56 +0100
committerLibravatar GitHub <noreply@github.com>2022-12-06 14:15:56 +0100
commit199b685f430910910e43476caa9ccec6a441d020 (patch)
treeb928c97deae38f8194e51b5e7a69766ddd1a0763 /internal/oidc
parent[feature] media: add webp support (#1155) (diff)
downloadgotosocial-199b685f430910910e43476caa9ccec6a441d020.tar.xz
[feature] overhaul the oidc system (#961)
* [feature] overhaul the oidc system; this allows for more flexible username handling and prevents account takeover using old email addresses
* [feature] add migration path for old OIDC users
* [feature] nicer error reporting for users
* [docs] document the new OIDC flow
* [fix] return early on oidc error
* [docs]: add comments on the finalization logic
Diffstat (limited to 'internal/oidc')
-rw-r--r--internal/oidc/claims.go16
1 files changed, 12 insertions, 4 deletions
diff --git a/internal/oidc/claims.go b/internal/oidc/claims.go
index 4ff337cfb..6f0e58ca9 100644
--- a/internal/oidc/claims.go
+++ b/internal/oidc/claims.go
@@ -18,10 +18,18 @@
package oidc
+import "encoding/gob"
+
// Claims represents claims as found in an id_token returned from an OIDC flow.
type Claims struct {
- Email string `json:"email"`
- EmailVerified bool `json:"email_verified"`
- Groups []string `json:"groups"`
- Name string `json:"name"`
+ Sub string `json:"sub"`
+ Email string `json:"email"`
+ EmailVerified bool `json:"email_verified"`
+ Groups []string `json:"groups"`
+ Name string `json:"name"`
+ PreferredUsername string `json:"preferred_username"`
+}
+
+func init() {
+ gob.Register(&Claims{})
}
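Review bot: The new `Sub` and `PreferredUsername` fields in `Claims` have no comments, although they differ sharply in how far they can be trusted and the commit message says the change exists to prevent account takeover through old email addresses. I would document `Sub` with `// Sub is the issuer-assigned subject identifier; it is unique only within one issuer and is the claim to key account links on`, and `PreferredUsername` with `// PreferredUsername is a display hint from the provider; OIDC does not guarantee it is unique or stable, so validate it and never use it as an identifier`. A short note on `Email`/`EmailVerified` saying they are informational and not an identity key would make the intent of the overhaul visible at the type. The `init()` also deserves a line such as `// Register Claims with gob so it can be encoded behind an interface value (presumably for session storage; confirm)`, because a package-level side effect is otherwise surprising. The code that consumes these claims is outside this hunk, so whether the issuer is bound together with `sub` cannot be checked from here.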