feat(coderd): add CODER_OIDC_NAME_FIELD

coder · johnstcn · Jun 6, 2024 · Jun 4, 2024 · Jun 4, 2024 · Jun 5, 2024
commit 48b4415d248b1e013222fbc704d68fc18b25cb05
diff --git a/cli/server.go b/cli/server.go
@@ -169,6 +169,7 @@ func createOIDCConfig(ctx context.Context, vals *codersdk.DeploymentValues) (*co
 		EmailDomain:         vals.OIDC.EmailDomain,
 		AllowSignups:        vals.OIDC.AllowSignups.Value(),
 		UsernameField:       vals.OIDC.UsernameField.String(),
+		NameField:           vals.OIDC.NameField.String(),
 		EmailField:          vals.OIDC.EmailField.String(),
 		AuthURLParams:       vals.OIDC.AuthURLParams.Value,
 		IgnoreUserInfo:      vals.OIDC.IgnoreUserInfo.Value(),

diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -701,6 +701,9 @@ type OIDCConfig struct {
 	// EmailField selects the claim field to be used as the created user's
 	// email.
 	EmailField string
+	// NameField selects the claim field to be used as the created user's
+	// full / given name.
+	NameField string
 	// AuthURLParams are additional parameters to be passed to the OIDC provider
 	// when requesting an access token.
 	AuthURLParams map[string]string
@@ -1222,6 +1225,7 @@ type oauthLoginParams struct {
 	AllowSignups bool
 	Email        string
 	Username     string
+	Name         string
 	AvatarURL    string
 	// Is UsingGroups is true, then the user will be assigned
 	// to the Groups provided.

diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go
@@ -1039,7 +1039,7 @@ func TestUserOIDC(t *testing.T) {
 			},
 			AssertUser: func(t testing.TB, u codersdk.User) {
 				assert.Equal(t, "user", u.Username)
-				assert.Equal(t, "User Name", u.Name)
+				assert.Equal(t, "User McName", u.Name)
 			},
 			IgnoreUserInfo: true,
 			AllowSignups:   true,
@@ -1086,6 +1086,7 @@ func TestUserOIDC(t *testing.T) {
 				cfg.EmailDomain = tc.EmailDomain
 				cfg.IgnoreEmailVerified = tc.IgnoreEmailVerified
 				cfg.IgnoreUserInfo = tc.IgnoreUserInfo
+				cfg.NameField = "name"
 			})
 
 			auditor := audit.NewMock()

diff --git a/codersdk/deployment.go b/codersdk/deployment.go
@@ -333,6 +333,7 @@ type OIDCConfig struct {
 	Scopes              serpent.StringArray                 `json:"scopes" typescript:",notnull"`
 	IgnoreEmailVerified serpent.Bool                        `json:"ignore_email_verified" typescript:",notnull"`
 	UsernameField       serpent.String                      `json:"username_field" typescript:",notnull"`
+	NameField           serpent.String                      `json:"name_field" typescript:",notnull"`
 	EmailField          serpent.String                      `json:"email_field" typescript:",notnull"`
 	AuthURLParams       serpent.Struct[map[string]string]   `json:"auth_url_params" typescript:",notnull"`
 	IgnoreUserInfo      serpent.Bool                        `json:"ignore_user_info" typescript:",notnull"`
@@ -1192,6 +1193,16 @@ when required by your organization's security policy.`,
 			Group:       &deploymentGroupOIDC,
 			YAML:        "usernameField",
 		},
+		{
+			Name:        "OIDC Name Field",
+			Description: "OIDC claim field to use as the name.",
+			Flag:        "oidc-name-field",
+			Env:         "CODER_OIDC_NAME_FIELD",
+			Default:     "name",
+			Value:       &c.OIDC.NameField,
+			Group:       &deploymentGroupOIDC,
+			YAML:        "nameField",
+		},
 		{
 			Name:        "OIDC Email Field",
 			Description: "OIDC claim field to use as the email.",