Allow customizing username when creating user through OIDC (#971)

* add ability to cutomize claim user for username generation on oidc login * update documentation with new OIDC options * oidc: also normalize custom claim as username * improve tests * improve docs * some more cleanup --------- Co-authored-by: Sascha Ißbrücker <sascha.issbruecker@gmail.com>
2025-08-10 04:07:52 +02:00 · 2025-01-30 03:40:52 +01:00
parent fc48b266a8
commit 2973812626
4 changed files with 93 additions and 9 deletions
--- a/siteroot/settings/base.py
+++ b/siteroot/settings/base.py
@@ -194,8 +194,10 @@ if LD_ENABLE_OIDC:
    OIDC_RP_CLIENT_ID = os.getenv("OIDC_RP_CLIENT_ID")
    OIDC_RP_CLIENT_SECRET = os.getenv("OIDC_RP_CLIENT_SECRET")
    OIDC_RP_SIGN_ALGO = os.getenv("OIDC_RP_SIGN_ALGO", "RS256")
+    OIDC_RP_SCOPES = os.getenv("OIDC_RP_SCOPES", "openid email profile")
    OIDC_USE_PKCE = os.getenv("OIDC_USE_PKCE", True) in (True, "True", "1")
    OIDC_VERIFY_SSL = os.getenv("OIDC_VERIFY_SSL", True) in (True, "True", "1")
+    OIDC_USERNAME_CLAIM = os.getenv("OIDC_USERNAME_CLAIM", "email")

 # Enable authentication proxy support if configured
 LD_ENABLE_AUTH_PROXY = os.getenv("LD_ENABLE_AUTH_PROXY", False) in (True, "True", "1")