diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py index f812ab034..0432b1e5e 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py @@ -111,6 +111,7 @@ def token() -> dict: "iat": time.time(), "exp": time.time() + 86400, # Expire after a day. "sub": user_name, + "email": user_details['email'], "preferred_username": user_details.get("preferred_username", user_name), }, client_secret, diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index 35c94afe6..f32ad789f 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -460,25 +460,31 @@ class AuthorizationService: .filter(UserModel.service_id == user_info["sub"]) .first() ) + username = email = "" + if "name" in user_info: + username = user_info["name"] + if "username" in user_info: + username = user_info["username"] + elif "preferred_username" in user_info: + username = user_info["preferred_username"] + if "email" in user_info: + email = user_info["email"] if user_model is None: current_app.logger.debug("create_user in login_return") is_new_user = True - username = email = "" - if "name" in user_info: - username = user_info["name"] - if "username" in user_info: - username = user_info["username"] - elif "preferred_username" in user_info: - username = user_info["preferred_username"] - if "email" in user_info: - email = user_info["email"] user_model = UserService().create_user( service=user_info["iss"], service_id=user_info["sub"], username=username, email=email, ) + else : + # Update with the latest information + user_model.username = username + user_model.email = email + user_model.service = user_info["iss"] + user_model.service_id = user_info["sub"] # this may eventually get too slow. # when it does, be careful about backgrounding, because diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_openid_blueprint.py b/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_openid_blueprint.py index 54130c932..23ceb97d5 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_openid_blueprint.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_openid_blueprint.py @@ -70,3 +70,8 @@ class TestFlaskOpenId(BaseTest): assert 'access_token' in response.json assert 'id_token' in response.json assert 'refresh_token' in response.json + + decoded_token = jwt.decode(response.json['id_token'], options={"verify_signature": False}) + assert 'iss' in decoded_token + assert 'email' in decoded_token +