Allow nested groups claim

zorn-v · Sep 13, 2019 · f7cf752 · f7cf752
1 parent 6ad19d9
commit f7cf752
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -20,6 +20,20 @@ or
 {"roles": "admin,user"}
 ```
 
+Also nested claims is supported. For example `resource_access.client-id.roles` for
+
+```json
+"resource_access": {
+   "client-id": {
+     "roles": [
+       "client-role-1",
+       "client-role-2"
+     ]
+   }
+}
+```
+
+
 You can use provider groups in two ways:
 
 1. Map provider groups to existing nextcloud groups

diff --git a/appinfo/info.xml b/appinfo/info.xml
@@ -5,7 +5,7 @@
     <name>Social Login</name>
     <summary>Social login via OAuth or OpenID</summary>
     <description> </description>
-    <version>2.0.3</version>
+    <version>2.1.0</version>
     <licence>agpl</licence>
     <author>zorn-v</author>
     <namespace>SocialLogin</namespace>

diff --git a/lib/Provider/CustomOAuth2.php b/lib/Provider/CustomOAuth2.php
@@ -62,7 +62,17 @@ public function getUserProfile()
     protected function getGroups(Data\Collection $data)
     {
         if ($groupsClaim = $this->config->get('groups_claim')) {
-            $groups = $data->get($groupsClaim);
+            $nestedClaims = explode('.', $groupsClaim);
+            $claim = array_shift($nestedClaims);
+            $groups = $data->get($claim);
+            while (count($nestedClaims) > 0) {
+                $claim = array_shift($nestedClaims);
+                if (!isset($groups[$claim])) {
+                    $groups = [];
+                    break;
+                }
+                $groups = $groups[$claim];
+            }
             if (is_array($groups)) {
                 return $groups;
             } elseif (is_string($groups)) {