Skip to content

Fix gitlab_username_claim, read also from extra.raw_info

What does this MR do and why?

The OmniAuth integration provides an option to set a gitlab_username_claim introduced via !89379 (merged). However, such custom claims are often part of extra.raw_info within the OmniAuth::AuthHash and therefore not recognized as reported within Gitlab Omniauth with openid_connect with azure_... (#389769 - closed).

This MR extends the get_from_auth_hash_or_info function to get the gitlab_username_claim also from extra.raw_info.

🛠 with at Siemens

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Configure e.g. Azure as oidc provider as per https://docs.gitlab.com/ee/administration/auth/oidc.html#configure-microsoft-azure
  2. Add a custom claim (e.g. https://example.com/claims/username), e.g. using https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-jwt-claims-customization
  3. Set gitlab_username_claim: "https://example.com/claims/username" within omniauth config
  4. Login an verify the username

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Roger Meier

Merge request reports

Loading