vikunja/pkg
Weijie Zhao 00c4148f05
feat(auth): add ForceUserInfo option to OpenID provider (#797)
Problem:

When using Casdoor as an OpenID provider, there's an inconsistency between the user information in the JWT token and the UserInfo endpoint. The token contains the user's unique ID in the `name` field, while the UserInfo endpoint correctly returns the user's display name.

Solution:

This PR adds a new `ForceUserInfo` option to the OpenID provider configuration. When enabled, it forces the use of the UserInfo endpoint to retrieve user information instead of relying on claims from the ID token.

Impact:

- Default behavior remains unchanged (backward compatible)
- New option allows administrators to force using UserInfo endpoint data
- Particularly useful for providers like Casdoor that don't fully comply with OIDC standards

Related:

I've opened an issue in the Casdoor repository (https://github.com/casdoor/casdoor/issues/3806) to discuss the root cause. However, changing Casdoor's token structure might cause significant compatibility issues for existing integrations, so it's unclear if this can be fixed at the provider level. This PR provides a workaround in Vikunja that doesn't affect existing functionality.
2025-05-20 08:06:34 +00:00
..
caldav chore(caldav): refactor fetching projects 2024-10-30 08:37:27 +01:00
cmd feat: translate notifications 2025-03-02 11:41:38 +01:00
config chore!: remove deprecated config settings 2025-03-24 16:52:46 +01:00
cron chore: remove year from copyright headers 2023-09-01 08:32:28 +02:00
db fix(project): add position in test fixtures 2025-03-20 14:00:18 +01:00
events fix: create missing indexes on postgres 2024-10-28 13:25:38 +01:00
files fix(files): configure the files path in files init instead of globally 2024-09-29 19:04:25 +02:00
i18n chore(i18n): update translations via Crowdin 2025-05-20 00:56:51 +00:00
initialize feat: translate notifications 2025-03-02 11:41:38 +01:00
integrations fix(filter): do not show tasks in filter results when they are filtered out by labels 2025-01-20 14:05:42 +01:00
log chore!: remove deprecated config settings 2025-03-24 16:52:46 +01:00
mail fix(mail): do not fail testmail command when the connection could not be closed. 2024-08-12 11:08:16 +02:00
metrics chore(web): move web handler package to Vikunja 2024-08-29 16:15:28 +02:00
migration chore(deps): update golangci/golangci-lint-action action to v7 (#462) 2025-04-02 09:28:56 +02:00
models fix(projects): do not try to fetch project permissions when no projects exist 2025-05-19 18:21:05 +02:00
modules feat(auth): add ForceUserInfo option to OpenID provider (#797) 2025-05-20 08:06:34 +00:00
notifications fix(i18n): make notification settings link translatable 2025-05-15 09:18:27 +02:00
red chore: remove year from copyright headers 2023-09-01 08:32:28 +02:00
routes fix: remove unused import 2025-05-15 09:54:15 +02:00
swagger [skip ci] Updated swagger docs 2025-05-13 11:27:04 +00:00
user chore(utils): remove deprecated MakeRandomString function 2025-03-24 16:52:46 +01:00
utils feat(i18n): use plural translations in humanize duration 2025-05-16 21:57:07 +02:00
version fix(build): don't require swagger to build 2023-09-06 21:08:09 +02:00
web feat(auth): sso fallback mapping (#3068) 2025-03-02 15:21:09 +00:00