FetchAuthUser returns an AuthUser instance based the provider's user api. API reference: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
(token *oauth2.Token)
| 73 | // |
| 74 | // API reference: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims |
| 75 | func (p *OIDC) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { |
| 76 | data, err := p.FetchRawUserInfo(token) |
| 77 | if err != nil { |
| 78 | return nil, err |
| 79 | } |
| 80 | |
| 81 | rawUser := map[string]any{} |
| 82 | if err := json.Unmarshal(data, &rawUser); err != nil { |
| 83 | return nil, err |
| 84 | } |
| 85 | |
| 86 | extracted := struct { |
| 87 | Id string `json:"sub"` |
| 88 | Name string `json:"name"` |
| 89 | Username string `json:"preferred_username"` |
| 90 | Picture string `json:"picture"` |
| 91 | Email string `json:"email"` |
| 92 | EmailVerified any `json:"email_verified"` // see #6657 |
| 93 | }{} |
| 94 | if err := json.Unmarshal(data, &extracted); err != nil { |
| 95 | return nil, err |
| 96 | } |
| 97 | |
| 98 | user := &AuthUser{ |
| 99 | Id: extracted.Id, |
| 100 | Name: extracted.Name, |
| 101 | Username: extracted.Username, |
| 102 | AvatarURL: extracted.Picture, |
| 103 | RawUser: rawUser, |
| 104 | AccessToken: token.AccessToken, |
| 105 | RefreshToken: token.RefreshToken, |
| 106 | } |
| 107 | |
| 108 | user.Expiry, _ = types.ParseDateTime(token.Expiry) |
| 109 | |
| 110 | if cast.ToBool(extracted.EmailVerified) { |
| 111 | user.Email = extracted.Email |
| 112 | } |
| 113 | |
| 114 | return user, nil |
| 115 | } |
| 116 | |
| 117 | // FetchRawUserInfo implements Provider.FetchRawUserInfo interface method. |
| 118 | // |
nothing calls this directly
no test coverage detected