Merge pull request quarkusio#48010 from sberyozkin/oidc_social_provider_misc_updates

sberyozkin · web-flow · commit c1792910d1a3 · 2025-05-22T17:39:34.000+01:00
Get the user name as principal name with OAuth2 code flow
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java
@@ -463,7 +463,11 @@ private Uni<SecurityIdentity> createSecurityIdentityWithOidcServer(TokenVerifica
                     String errorMessage = "Token and UserInfo do not have matching `sub` claims";
                     return Uni.createFrom().failure(new AuthenticationCompletionException(errorMessage));
                 }
-
+                final String principalClaim = resolvedContext.oidcConfig().token().principalClaim().orElse(null);
+                if (principalClaim != null && !tokenJson.containsKey(principalClaim) && userInfo != null
+                        && userInfo.contains(principalClaim)) {
+                    tokenJson.put(principalClaim, userInfo.getString(principalClaim));
+                }
                 JsonObject rolesJson = getRolesJson(requestData, resolvedContext, tokenCred, tokenJson,
                         userInfo);
                 SecurityIdentity securityIdentity = validateAndCreateIdentity(requestData, tokenCred,
diff --git a/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomSecurityIdentityAugmentor.java b/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomSecurityIdentityAugmentor.java
@@ -43,7 +43,6 @@ public Uni<SecurityIdentity> augment(SecurityIdentity identity, AuthenticationRe
         RoutingContext routingContext = identity.getAttribute(RoutingContext.class.getName());
         if (routingContext != null &&
                 (routingContext.normalizedPath().endsWith("code-flow-user-info-only")
-                        || routingContext.normalizedPath().endsWith("code-flow-user-info-github")
                         || routingContext.normalizedPath().endsWith("code-flow-user-info-dynamic-github")
                         || routingContext.normalizedPath().endsWith("code-flow-token-introspection")
                         || routingContext.normalizedPath().endsWith("code-flow-user-info-github-cached-in-idtoken")
diff --git a/integration-tests/oidc-wiremock/src/main/resources/application.properties b/integration-tests/oidc-wiremock/src/main/resources/application.properties
@@ -103,6 +103,8 @@ quarkus.oidc.code-flow-user-info-only.credentials.secret=AyM1SysPpbyDfgZld3umj1q
 quarkus.oidc.code-flow-user-info-only.application-type=web-app
 
 quarkus.oidc.code-flow-user-info-github.provider=github
+# Specifies which UserInfo field is used as the OAuth2 principal name.
+quarkus.oidc.code-flow-user-info-github.token.principal-claim=preferred_username
 quarkus.oidc.code-flow-user-info-github.authentication.internal-id-token-lifespan=7H
 quarkus.oidc.code-flow-user-info-github.authentication.verify-access-token=false
 quarkus.oidc.code-flow-user-info-github.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
