How do I get the UID for the user to later use to set the user when creating nodes and so forth?

// T

Comments

bojanz’s picture

Are you creating the nodes on the server? Or on a client site?
Are you using Services or not?
Which grant type are you using?

timbrandin’s picture

I am using Meteor (a JavaScript framework) and will be sending through the server side (Node.js).

I used the Authorize grant, or something.
I was able to get the username, but I need the uid when I create nodes through Services, yes.

Can't the SSO using OAuth2 provide one with both username and uid in the UserInfo?

Thanks for such a quick reply.
// T

bojanz’s picture

We need to change the "sub" param to show the uid, not the username (because the username can change, so it isn't stable).

Though to be honest, the fact that you need the uid shows how uncomfortable Services is in this regard... Usually server code just takes the uid of the provided token.

bojanz’s picture

Title: UserInfo does not return a UID » Return the uid instead of the username as the user_id / sub param
Category: Support request » Task
Priority: Normal » Major

We need to do this for the grant types as well.
(The uid is not changeable, but the username is, so it's clear what needs to be used in this context)

Angry Dan’s picture

I agree that this is major - relying on the username isn't a good practice. I'd suggest a delegate function in the .module file for returning the user_id/sub value for consistency.

Am I right that we just need to replace all output around 'user_id' and 'sub' values? Or is this a more complex change?

Angry Dan’s picture

Version: 7.x-1.x-dev » 7.x-1.1
Status: Active » Needs review
Attachment: new, 13.38 KB

Ok, I've had a go at implementing this...

I've adjusted the tests to match but I've not run them. I should also stress that I'm not completely familiar with this module yet. Most of my changes appear to be in the Storage class.

pjcdawkins’s picture

FYI, the tests work. But how do we deal with client sites that are already using the username-based sub? I guess the patch does not make it configurable.
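One way a client site could move its stored accounts from the username-based `sub` to the uid-based one, as an added example that is not part of this thread or the module's code. The `AccountLinker` class and its fields are hypothetical, and it assumes the UserInfo response also carries the username in the standard `preferred_username` claim.

```javascript
// Hypothetical client-side account store (not the module's code).
class AccountLinker {
  constructor(legacyAccounts) {
    // Accounts created while the server still sent the username as "sub".
    this.byLegacyName = new Map(legacyAccounts.map((a) => [a.legacySub, a]));
    this.byUid = new Map(); // accounts keyed on the stable uid-based "sub"
    this.nextId = legacyAccounts.length + 1;
  }

  // userinfo: { sub, preferred_username }; preferred_username is an assumption.
  link(userinfo) {
    const sub = String(userinfo.sub);
    // Drupal uids are integers; refuse anything that looks like a username.
    if (!/^[0-9]+$/.test(sub)) {
      throw new Error('expected a numeric uid in "sub"');
    }
    // 1. Normal path: the uid is already known, a rename only updates the label.
    const known = this.byUid.get(sub);
    if (known) {
      known.displayName = userinfo.preferred_username;
      return known;
    }
    // 2. One-time migration: re-key a legacy record found under the username.
    const name = userinfo.preferred_username;
    const legacy = name !== undefined ? this.byLegacyName.get(name) : undefined;
    if (legacy) {
      this.byLegacyName.delete(name); // the old name can never match again
      legacy.sub = sub;
      legacy.displayName = name;
      this.byUid.set(sub, legacy);
      return legacy;
    }
    // 3. First login of a user with no local history.
    const created = { id: this.nextId++, sub, displayName: name };
    this.byUid.set(sub, created);
    return created;
  }
}

// Constructed sample: one account stored under the old username-based "sub".
const demo = new AccountLinker([{ id: 1, legacySub: 'alice', displayName: 'alice' }]);
console.log(demo.link({ sub: '42', preferred_username: 'alice' }));  // legacy record re-keyed
console.log(demo.link({ sub: '42', preferred_username: 'alice2' })); // rename keeps the account
```

Once a record has been re-keyed, lookups depend only on the uid, so a later rename on the server keeps the local account and a different user who picks up the old name gets a fresh one.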

pjcdawkins’s picture

+++ b/lib/Drupal/oauth2_server/Storage.php
@@ -272,20 +270,22 @@ class Storage implements AuthorizationCodeInterface,
-      'sub' => $username,
+      'sub' => $uid,
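Review bot: the replacement of `'sub' => $username,` with `'sub' => $uid,` changes the identifier that every existing client has already stored, and nothing in this hunk keeps the old value available, so gate the new value behind a setting that existing installs keep at the username until they opt in. OpenID Connect defines `sub` as a string, so emit the uid as one, for example `'sub' => (string) $uid,`.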

Perhaps this could use uid by default, but use $user->name if configured via the module configuration form. An update function should ensure that sites keep the 'name' as the sub, and notify developers should they wish to change it.

pjcdawkins’s picture

Version: 7.x-1.1 » 7.x-1.x-dev
Attachment: new, 15.09 KB

This is #6, re-rolled, with the addition of:

  • the variable 'sub' property as I mention in #8
  • an update function so that previous installs get the old behaviour
  • a test to ensure that the sub property can be changed successfully

  • pjcdawkins committed effe73c on authored by Angry Dan
    Issue #2274357 by pjcdawkins, Angry Dan, bojanz, timbrandin: Return the...

pjcdawkins’s picture

Status: Needs review » Fixed

pjcdawkins’s picture

Status: Fixed » Needs work

Unfortunately this breaks OpenID Connect, because the user_id is still the 'sub' in the ID Token, here: https://github.com/bshaffer/oauth2-server-php/blob/master/src/OAuth2/Ope...

pjcdawkins’s picture

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.