From 68a74416a473aa5fd45eacc344a86a2ac4c9e87a Mon Sep 17 00:00:00 2001 From: MidoriKurage Date: Mon, 23 Mar 2026 12:31:15 +0800 Subject: [PATCH] fix(openid): Merge VikunjaGroups and ExtraSettingsLinks from userinfo When `forceuserinfo: true`, `mergeClaims` discards `vikunja_groups` and `extra_settings_links` claims fetched from the userinfo endpoint, failing team sync for opaque tokens. Fixes team sync for OIDC providers using opaque tokens. --- pkg/modules/auth/openid/openid.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/modules/auth/openid/openid.go b/pkg/modules/auth/openid/openid.go index 7c634daf1..8d0446d13 100644 --- a/pkg/modules/auth/openid/openid.go +++ b/pkg/modules/auth/openid/openid.go @@ -397,6 +397,14 @@ func mergeClaims(cl *claims, cl2 *claims, forceUserInfo bool) error { cl.Picture = cl2.Picture } + if (forceUserInfo && len(cl2.VikunjaGroups) > 0) || len(cl.VikunjaGroups) == 0 { + cl.VikunjaGroups = cl2.VikunjaGroups + } + + if (forceUserInfo && len(cl2.ExtraSettingsLinks) > 0) || len(cl.ExtraSettingsLinks) == 0 { + cl.ExtraSettingsLinks = cl2.ExtraSettingsLinks + } + if cl.Email == "" { return &user.ErrNoOpenIDEmailProvided{} }