From 6686bf253e42c9f54e03044c335e81207d6ceb49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henrik=20H=C3=B8rl=C3=BCck=20Berg?= <36937807+henrikhorluck@users.noreply.github.com> Date: Wed, 28 Feb 2024 18:02:18 +0100 Subject: [PATCH] Request id_token, sync more fields to Auth0 --- apps/authentication/models.py | 22 ++++++++++++++++++++++ onlineweb4/settings/base.py | 1 + 2 files changed, 23 insertions(+) diff --git a/apps/authentication/models.py b/apps/authentication/models.py index 41e4c8f51..4c7adfc0c 100644 --- a/apps/authentication/models.py +++ b/apps/authentication/models.py @@ -294,6 +294,28 @@ def save(self, *args, **kwargs): } ) + if self.first_name != old.first_name and len(self.first_name) > 0: + # auth0 does not allow zero-length names + auth0 = auth0 if auth0 is not None else auth0_client() + auth0.users.update(self.auth0_subject, {"given_name": self.first_name}) + + if self.last_name != old.last_name and len(self.first_name) > 0: + auth0 = auth0 if auth0 is not None else auth0_client() + auth0.users.update(self.auth0_subject, {"family_name": self.last_name}) + + if self.phone_number != old.phone_number: + # this should technically perform more validation, number might be invalid + auth0 = auth0 if auth0 is not None else auth0_client() + auth0.users.update( + self.auth0_subject, {"user_metadata": {"phone": self.phone_number}} + ) + + if self.gender != old.gender: + auth0 = auth0 if auth0 is not None else auth0_client() + auth0.users.update( + self.auth0_subject, {"user_metadata": {"gender": self.gender}} + ) + super().save(*args, **kwargs) def serializable_object(self): diff --git a/onlineweb4/settings/base.py b/onlineweb4/settings/base.py index 3a895d854..2ef491c96 100644 --- a/onlineweb4/settings/base.py +++ b/onlineweb4/settings/base.py @@ -149,3 +149,4 @@ def get_stats_file() -> str: OIDC_OP_LOGOUT_URL_METHOD = "apps.authentication.backends.provider_logout" # we need it for logout OIDC_STORE_ID_TOKEN = True +OIDC_RP_SCOPES = "openid email profile"
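Review bot: The guard on the `family_name` update tests `len(self.first_name) > 0` rather than the last name. An empty `last_name` is therefore still sent to Auth0 whenever the first name is non-empty, although the comment in the first branch says Auth0 rejects zero-length names, and a valid last-name change is skipped when the first name is empty. The condition should read `if self.last_name != old.last_name and len(self.last_name) > 0:`. Each changed field also issues its own `auth0.users.update` call ahead of `super().save()`, so if a later call raises, Auth0 is left partly updated while the local row is not saved; building one payload from the changed fields and sending a single update would narrow that window. `save()` begins and ends outside this hunk, so how `old` and `auth0` are initialised is not visible here.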
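Review bot: `OIDC_RP_SCOPES` is added without a comment, unlike the `OIDC_STORE_ID_TOKEN` setting just above it, and the wider scope has a privacy side effect worth recording. With `profile` the provider may put name and other profile claims into the id_token, and `OIDC_STORE_ID_TOKEN = True` means that token is kept in the user's session. I would add `# profile: id_token now carries name claims and is stored in the session (OIDC_STORE_ID_TOKEN)` above the new line. Whether the session backend and its retention suit that data cannot be judged from this hunk.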