feat: support multi hd in GoogleIdentityProvider

Signed-off-by: Đặng Minh Dũng <dungdm93@live.com>
Đặng Minh Dũng 2023-02-01 16:17:41 +07:00 committed by Pedro Igor
parent f71ab092de
commit d91eeac612
2 changed files with 5 additions and 4 deletions


@ -31,6 +31,7 @@ import org.keycloak.representations.JsonWebToken;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriBuilder;
import java.util.Arrays;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -123,7 +124,7 @@ public class GoogleIdentityProvider extends OIDCIdentityProvider implements Soci
throw new IdentityBrokerException("Identity token does not contain hosted domain parameter.");
}
if (hostedDomain.equals("*") || hostedDomain.equals(receivedHdParam)) {
if (hostedDomain.equals("*") || Arrays.asList(hostedDomain.split(",")).contains(receivedHdParam)) {
return token;
}
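Review bot: The new allow-list check on the `hostedDomain.split(",")` line compares the raw tokens, so a configured value such as `a.example, b.example` (constructed sample) never matches the second domain because of the leading space, and a stray leading comma leaves an empty entry `""` in the list. Because this comparison decides which hosted domains are accepted for login, the entries should be trimmed and blanks dropped before matching, e.g. `Arrays.stream(hostedDomain.split(",")).map(String::trim).filter(d -> !d.isEmpty()).anyMatch(receivedHdParam::equals)`. Whether an empty `hd` claim can reach this line depends on the check above the hunk, which is only partly visible; the enclosing method starts and ends outside the hunk. The match is also case-sensitive, so presumably the configured domains must be written exactly as Google returns them; either normalise case here or say so in the tooltip.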


@ -697,7 +697,7 @@ identity-provider.google-userIp.tooltip=Set 'userIp' query parameter when invoki
offlineAccess=Request refresh token
identity-provider.google-offlineAccess.tooltip=Set 'access_type' query parameter to 'offline' when redirecting to google authorization endpoint, to get a refresh token back. Useful if planning to use Token Exchange to retrieve Google token to access Google APIs when the user is not at the browser.
hostedDomain=Hosted Domain
identity-provider.google-hostedDomain.tooltip=Set 'hd' query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When '*' is entered, any hosted account can be used.
identity-provider.google-hostedDomain.tooltip=Set 'hd' query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When '*' is entered, any hosted account can be used. Comma ',' separated list of domains is supported.
profileProjection=Profile Projection
identity-provider.linkedin-profileProjection.tooltip=Projection parameter for profile request. Leave empty for default projection.
identity-provider.facebook-fetchedFields.label=Additional user's profile fields