(user_id/prn) -> sub
parent
1ab29882b4
commit
27a26e0a35
|
@ -94,7 +94,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
|
|||
// create a default authentication object with authority ROLE_API
|
||||
private Authentication createAuthentication(JsonObject token){
|
||||
// TODO: user_id is going to go away. Will have to fix.
|
||||
return new PreAuthenticatedAuthenticationToken(token.get("user_id").getAsString(), null, AuthorityUtils.createAuthorityList("ROLE_API"));
|
||||
return new PreAuthenticatedAuthenticationToken(token.get("sub").getAsString(), null, AuthorityUtils.createAuthorityList("ROLE_API"));
|
||||
}
|
||||
|
||||
private OAuth2AccessToken createAccessToken(final JsonObject token, final String tokenString){
|
||||
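Review bot: `token.get("sub").getAsString()` in createAuthentication dereferences the claim without checking that it is present, so an introspection response without `sub` ends in a NullPointerException rather than a clean authentication failure. That case looks reachable against this project's own endpoint, because the TokenIntrospectionView section of this same commit appears to publish the value under `subject`, not `sub`. Settle on one key for both sides, and guard the read with `token.has("sub")`, failing the token lookup explicitly when it is absent. The `// TODO: user_id is going to go away` comment above the return is now stale and can be dropped. The callers of createAuthentication are outside the hunk.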
|
|
|
@ -417,9 +417,9 @@ public class AbstractOIDCAuthenticationFilter extends
|
|||
+ "ID Token to the session " + NONCE_SESSION_VARIABLE + " failed. Expected " + storedNonce + " got " + nonce + ".");
|
||||
}
|
||||
|
||||
// pull the user_id out as a claim on the id_token
|
||||
// pull the subject (user id) out as a claim on the id_token
|
||||
|
||||
String userId = idToken.getClaims().getUserId();
|
||||
String userId = idToken.getClaims().getSubject();
|
||||
|
||||
// construct an OIDCAuthenticationToken and return a Authentication object w/the userId and the idToken
|
||||
|
||||
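Review bot: `String userId = idToken.getClaims().getSubject();` is taken as the authenticated user id with no check that the claim is actually there. `sub` is a required ID Token claim, so a token without it should be rejected at this point rather than carried into the OIDCAuthenticationToken with a (presumably) null id. Something like `if (userId == null || userId.isEmpty()) { /* reject with the same exception type as the nonce check above */ }` directly after the read would do. The same applies to `String clientId = jwt.getClaims().getSubject();` in JwtBearerClientAssertionTokenEndpointFilter, where a client that still sends `prn` would now yield no client id at all. Both enclosing methods start and end outside their hunks.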
|
|
|
@ -78,9 +78,9 @@ public class OIDCAuthenticationProvider implements
|
|||
if (userInfo == null) {
|
||||
// TODO: user Info not found -- error?
|
||||
} else {
|
||||
if (!Strings.isNullOrEmpty(userInfo.getUserId()) && !userInfo.getUserId().equals(token.getUserId())) {
|
||||
if (!Strings.isNullOrEmpty(userInfo.getSub()) && !userInfo.getSub().equals(token.getUserId())) {
|
||||
// the userinfo came back and the user_id fields don't match what was in the id_token
|
||||
throw new UsernameNotFoundException("user_id mismatch between id_token and user_info call: " + userInfo.getUserId() + " / " + token.getUserId());
|
||||
throw new UsernameNotFoundException("user_id mismatch between id_token and user_info call: " + userInfo.getSub() + " / " + token.getUserId());
|
||||
}
|
||||
}
|
||||
|
||||
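Review bot: The mismatch check is skipped whenever `userInfo.getSub()` is null or empty, so a UserInfo response that omits `sub` is accepted without ever being tied to the subject of the ID Token. Since that comparison is what binds the UserInfo response to the authenticated user, a missing value is better treated as a failure: `if (Strings.isNullOrEmpty(userInfo.getSub()) || !userInfo.getSub().equals(token.getUserId())) {`. The exception text still reads `user_id mismatch` and echoes both identifiers; update the wording to `sub` and confirm the message is not rendered to end users. The `userInfo == null` branch above is still an empty TODO, and the enclosing method lies outside the hunk.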
|
|
|
@ -25,7 +25,7 @@ public class JwtClaims extends ClaimSet {
|
|||
|
||||
public static final String TYPE = "typ";
|
||||
public static final String JWT_ID = "jti";
|
||||
public static final String PRINCIPAL = "prn";
|
||||
public static final String SUBJECT = "sub";
|
||||
public static final String AUDIENCE = "aud";
|
||||
public static final String ISSUER = "iss";
|
||||
public static final String ISSUED_AT = "iat";
|
||||
|
@ -33,7 +33,6 @@ public class JwtClaims extends ClaimSet {
|
|||
public static final String EXPIRATION = "exp";
|
||||
public static final String NONCE = "nonce";
|
||||
|
||||
|
||||
/**
|
||||
* ISO8601 / RFC3339 Date Format
|
||||
*/
|
||||
|
@ -72,8 +71,8 @@ public class JwtClaims extends ClaimSet {
|
|||
setIssuer(element.getValue().getAsString());
|
||||
} else if (element.getKey().equals(AUDIENCE)) {
|
||||
setAudience(element.getValue().getAsString());
|
||||
} else if (element.getKey().equals(PRINCIPAL)) {
|
||||
setPrincipal(element.getValue().getAsString());
|
||||
} else if (element.getKey().equals(SUBJECT)) {
|
||||
setSubject(element.getValue().getAsString());
|
||||
} else if (element.getKey().equals(JWT_ID)) {
|
||||
setJwtId(element.getValue().getAsString());
|
||||
} else if (element.getKey().equals(TYPE)) {
|
||||
|
@ -162,15 +161,15 @@ public class JwtClaims extends ClaimSet {
|
|||
/**
|
||||
* @return the principal
|
||||
*/
|
||||
public String getPrincipal() {
|
||||
return getClaimAsString(PRINCIPAL);
|
||||
public String getSubject() {
|
||||
return getClaimAsString(SUBJECT);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param principal the principal to set
|
||||
*/
|
||||
public void setPrincipal(String principal) {
|
||||
setClaim(PRINCIPAL, principal);
|
||||
public void setSubject(String principal) {
|
||||
setClaim(SUBJECT, principal);
|
||||
}
|
||||
|
||||
/**
|
||||
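Review bot: The Javadoc on the renamed accessors still describes the old claim: `@return the principal` above getSubject() and `@param principal the principal to set` above `setSubject(String principal)`, whose parameter also kept the old name. Suggested replacements are `@return the subject (sub) claim`, `@param subject the subject to set` and `public void setSubject(String subject)`. The same leftovers are visible elsewhere in this commit: DefaultUserInfo keeps `@see org.mitre.openid.connect.model.UserInfo#setUserId(java.lang.String)` above setSub, and UserInfo keeps `@return the userId` and `@param sub the userId to set`.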
|
|
|
@ -85,7 +85,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
private AppType applicationType;
|
||||
private String clientName;
|
||||
private AuthType tokenEndpointAuthType = AuthType.SECRET_BASIC;
|
||||
private UserIdType userIdType;
|
||||
private SubjectType subjectType;
|
||||
|
||||
private Set<String> contacts;
|
||||
|
||||
|
@ -172,20 +172,20 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
}
|
||||
}
|
||||
|
||||
public enum UserIdType {
|
||||
public enum SubjectType {
|
||||
PAIRWISE("pairwise"), PUBLIC("public");
|
||||
|
||||
private final String value;
|
||||
|
||||
// map to aid reverse lookup
|
||||
private static final Map<String, UserIdType> lookup = new HashMap<String, UserIdType>();
|
||||
private static final Map<String, SubjectType> lookup = new HashMap<String, SubjectType>();
|
||||
static {
|
||||
for (UserIdType u : UserIdType.values()) {
|
||||
for (SubjectType u : SubjectType.values()) {
|
||||
lookup.put(u.getValue(), u);
|
||||
}
|
||||
}
|
||||
|
||||
UserIdType(String value) {
|
||||
SubjectType(String value) {
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
|
@ -193,7 +193,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
return value;
|
||||
}
|
||||
|
||||
public static UserIdType getByValue(String value) {
|
||||
public static SubjectType getByValue(String value) {
|
||||
return lookup.get(value);
|
||||
}
|
||||
}
|
||||
|
@ -547,13 +547,13 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
}
|
||||
|
||||
@Enumerated(EnumType.STRING)
|
||||
@Column(name="user_id_type")
|
||||
public UserIdType getUserIdType() {
|
||||
return userIdType;
|
||||
@Column(name="subject_type")
|
||||
public SubjectType getSubjectType() {
|
||||
return subjectType;
|
||||
}
|
||||
|
||||
public void setUserIdType(UserIdType userIdType) {
|
||||
this.userIdType = userIdType;
|
||||
public void setSubjectType(SubjectType subjectType) {
|
||||
this.subjectType = subjectType;
|
||||
}
|
||||
|
||||
@ElementCollection(fetch = FetchType.EAGER)
|
||||
|
@ -843,7 +843,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
+ clientName + ", " : "")
|
||||
+ (tokenEndpointAuthType != null ? "tokenEndpointAuthType="
|
||||
+ tokenEndpointAuthType + ", " : "")
|
||||
+ (userIdType != null ? "userIdType=" + userIdType + ", " : "")
|
||||
+ (subjectType != null ? "subjectType=" + subjectType + ", " : "")
|
||||
+ (contacts != null ? "contacts=" + contacts + ", " : "")
|
||||
+ (logoUrl != null ? "logoUrl=" + logoUrl + ", " : "")
|
||||
+ (policyUrl != null ? "policyUrl=" + policyUrl + ", " : "")
|
||||
|
@ -983,7 +983,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
+ ((tokenEndpointAuthType == null) ? 0 : tokenEndpointAuthType
|
||||
.hashCode());
|
||||
result = prime * result
|
||||
+ ((userIdType == null) ? 0 : userIdType.hashCode());
|
||||
+ ((subjectType == null) ? 0 : subjectType.hashCode());
|
||||
result = prime
|
||||
* result
|
||||
+ ((userInfoEncryptedResponseAlg == null) ? 0
|
||||
|
@ -1212,7 +1212,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
if (tokenEndpointAuthType != other.tokenEndpointAuthType) {
|
||||
return false;
|
||||
}
|
||||
if (userIdType != other.userIdType) {
|
||||
if (subjectType != other.subjectType) {
|
||||
return false;
|
||||
}
|
||||
if (userInfoEncryptedResponseAlg != other.userInfoEncryptedResponseAlg) {
|
||||
|
|
|
@ -37,7 +37,7 @@ import com.google.gson.JsonObject;
|
|||
})
|
||||
public class DefaultUserInfo implements UserInfo {
|
||||
|
||||
private String userId;
|
||||
private String sub;
|
||||
private String preferredUsername;
|
||||
private String name;
|
||||
private String givenName;
|
||||
|
@ -64,16 +64,16 @@ public class DefaultUserInfo implements UserInfo {
|
|||
@Override
|
||||
@Id
|
||||
@GeneratedValue(strategy=GenerationType.IDENTITY)
|
||||
@Column(name="user_id")
|
||||
public String getUserId() {
|
||||
return userId;
|
||||
@Column(name="sub")
|
||||
public String getSub() {
|
||||
return sub;
|
||||
}
|
||||
/* (non-Javadoc)
|
||||
* @see org.mitre.openid.connect.model.UserInfo#setUserId(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public void setUserId(String userId) {
|
||||
this.userId = userId;
|
||||
public void setSub(String sub) {
|
||||
this.sub = sub;
|
||||
}
|
||||
/* (non-Javadoc)
|
||||
* @see org.mitre.openid.connect.model.UserInfo#getPreferredUsername
|
||||
|
@ -363,7 +363,7 @@ public class DefaultUserInfo implements UserInfo {
|
|||
public static UserInfo fromJson(JsonObject obj) {
|
||||
DefaultUserInfo ui = new DefaultUserInfo();
|
||||
|
||||
ui.setUserId(obj.has("user_id") ? obj.get("user_id").getAsString() : null);
|
||||
ui.setSub(obj.has("sub") ? obj.get("sub").getAsString() : null);
|
||||
|
||||
ui.setName(obj.has("name") ? obj.get("name").getAsString() : null);
|
||||
ui.setPreferredUsername(obj.has("preferred_username") ? obj.get("preferred_username").getAsString() : null);
|
||||
|
|
|
@ -37,7 +37,6 @@ import com.google.gson.JsonParser;
|
|||
@Table(name="idtokenclaims")
|
||||
public class IdTokenClaims extends JwtClaims {
|
||||
|
||||
public static final String USER_ID = "user_id";
|
||||
public static final String AUTHENTICATION_CONTEXT_CLASS_REFERENCE = "acr";
|
||||
public static final String NONCE = "nonce";
|
||||
public static final String AUTH_TIME = "auth_time";
|
||||
|
@ -77,15 +76,6 @@ public class IdTokenClaims extends JwtClaims {
|
|||
this.id = id;
|
||||
}
|
||||
|
||||
@Transient
|
||||
public String getUserId() {
|
||||
return getClaimAsString(USER_ID);
|
||||
}
|
||||
|
||||
public void setUserId(String user_id) {
|
||||
setClaim(USER_ID, user_id);
|
||||
}
|
||||
|
||||
@Transient
|
||||
public String getAuthContext() {
|
||||
return getClaimAsString(AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
|
||||
|
@ -150,8 +140,6 @@ public class IdTokenClaims extends JwtClaims {
|
|||
for (Entry<String, JsonElement> element : json.entrySet()) {
|
||||
if (element.getValue().isJsonNull()) {
|
||||
pass.add(element.getKey(), element.getValue());
|
||||
} else if (element.getKey().equals(USER_ID)) {
|
||||
setUserId(element.getValue().getAsString());
|
||||
} else if (element.getKey().equals(AUTHENTICATION_CONTEXT_CLASS_REFERENCE)) {
|
||||
setAuthContext(element.getValue().getAsString());
|
||||
} else if (element.getKey().equals(NONCE)) {
|
||||
|
|
|
@ -18,13 +18,13 @@ public interface UserInfo {
|
|||
* @return the userId
|
||||
*/
|
||||
@Id
|
||||
@Column(name="user_id")
|
||||
public abstract String getUserId();
|
||||
@Column(name="sub")
|
||||
public abstract String getSub();
|
||||
|
||||
/**
|
||||
* @param userId the userId to set
|
||||
* @param sub the userId to set
|
||||
*/
|
||||
public abstract void setUserId(String userId);
|
||||
public abstract void setSub(String sub);
|
||||
|
||||
/**
|
||||
* @return the preferred username
|
||||
|
|
|
@ -99,7 +99,7 @@ public class TokenIntrospectionView extends AbstractView {
|
|||
|
||||
token.addProperty("audience", src.getAuthenticationHolder().getAuthentication().getAuthorizationRequest().getClientId());
|
||||
|
||||
token.addProperty("user_id", src.getAuthenticationHolder().getAuthentication().getName());
|
||||
token.addProperty("subject", src.getAuthenticationHolder().getAuthentication().getName());
|
||||
|
||||
return token;
|
||||
}
|
||||
|
|
|
@ -50,7 +50,7 @@ public class JwtBearerClientAssertionTokenEndpointFilter extends ClientCredentia
|
|||
try {
|
||||
Jwt jwt = Jwt.parse(assertion);
|
||||
|
||||
String clientId = jwt.getClaims().getPrincipal();
|
||||
String clientId = jwt.getClaims().getSubject();
|
||||
|
||||
Authentication authRequest = new JwtBearerAssertionAuthenticationToken(clientId, jwt);
|
||||
|
||||
|
|
|
@ -51,14 +51,14 @@ public class JpaUserInfoRepository implements UserInfoRepository {
|
|||
@Override
|
||||
@Transactional
|
||||
public UserInfo save(UserInfo userInfo) {
|
||||
return saveOrUpdate(userInfo.getUserId(), manager, userInfo);
|
||||
return saveOrUpdate(userInfo.getSub(), manager, userInfo);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public void remove(UserInfo userInfo) {
|
||||
|
||||
UserInfo found = manager.find(DefaultUserInfo.class, userInfo.getUserId());
|
||||
UserInfo found = manager.find(DefaultUserInfo.class, userInfo.getSub());
|
||||
|
||||
if (found != null) {
|
||||
manager.remove(userInfo);
|
||||
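Review bot: In remove(), the entity looked up with `userInfo.getSub()` is only null-checked; the call that follows is `manager.remove(userInfo)`, not the managed instance that was just found. If a caller passes a detached object, EntityManager.remove rejects it with an IllegalArgumentException, so `manager.remove(found);` is the safer form. The line predates this commit, but it sits directly on the lookup that the commit re-keys to `sub`. The rest of the method body is outside the hunk.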
|
|
|
@ -48,7 +48,7 @@ public class DefaultUserInfoUserDetailsService implements UserDetailsService {
|
|||
}
|
||||
|
||||
// TODO: this should really be our own UserDetails wrapper class, shouldn't it?
|
||||
User user = new User(userInfo.getUserId(), password, authorities);
|
||||
User user = new User(userInfo.getSub(), password, authorities);
|
||||
return user;
|
||||
} else {
|
||||
throw new UsernameNotFoundException("Could not find username: " + username);
|
||||
|
|
|
@ -109,8 +109,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
|
|||
}
|
||||
|
||||
claims.setIssuer(configBean.getIssuer());
|
||||
claims.setUserId(userId);
|
||||
claims.setPrincipal(userId); // TODO: this is technically redundant
|
||||
claims.setSubject(userId);
|
||||
claims.setAudience(clientId);
|
||||
|
||||
idToken.setClaims(claims);
|
||||
|
|
|
@ -90,7 +90,7 @@ public class JSONUserInfoView extends AbstractView {
|
|||
JsonObject obj = new JsonObject();
|
||||
|
||||
if (scope.contains("openid")) {
|
||||
obj.addProperty("user_id", ui.getUserId());
|
||||
obj.addProperty("sub", ui.getSub());
|
||||
}
|
||||
|
||||
if (scope.contains("profile")) {
|
||||
|
|
|
@ -98,7 +98,7 @@ public class POCOUserInfoView extends AbstractView {
|
|||
JsonObject entry = new JsonObject();
|
||||
|
||||
if (scope.contains("openid")) {
|
||||
entry.addProperty("id", ui.getUserId());
|
||||
entry.addProperty("id", ui.getSub());
|
||||
}
|
||||
|
||||
if (scope.contains("profile")) {
|
||||
|
|
|
@ -10,7 +10,7 @@ import org.mitre.oauth2.exception.ClientNotFoundException;
|
|||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity.AuthType;
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity.UserIdType;
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
|
||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||
import org.mitre.oauth2.service.OAuth2TokenEntityService;
|
||||
|
@ -95,19 +95,19 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
/*
|
||||
* UserID type
|
||||
*/
|
||||
binder.registerCustomEditor(UserIdType.class, new PropertyEditorSupport() {
|
||||
binder.registerCustomEditor(SubjectType.class, new PropertyEditorSupport() {
|
||||
@Override
|
||||
public void setAsText(String text) throws IllegalArgumentException {
|
||||
if (Strings.isNullOrEmpty(text)) {
|
||||
setValue(null);
|
||||
} else {
|
||||
setValue(UserIdType.getByValue(text));
|
||||
setValue(SubjectType.getByValue(text));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getAsText() {
|
||||
UserIdType ut = (UserIdType) getValue();
|
||||
SubjectType ut = (SubjectType) getValue();
|
||||
return ut == null ? null : ut.getValue();
|
||||
}
|
||||
});
|
||||
|
@ -206,7 +206,7 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
// OPENID CONNECT EXTENSIONS BELOW
|
||||
@RequestParam(value = "application_type", required = false) AppType applicationType,
|
||||
@RequestParam(value = "sector_identifier_url", required = false) String sectorIdentifierUrl,
|
||||
@RequestParam(value = "user_id_type", required = false) UserIdType userIdType,
|
||||
@RequestParam(value = "subject_type", required = false) SubjectType subjectType,
|
||||
@RequestParam(value = "require_signed_request_object", required = false) JwsAlgorithm requireSignedRequestObject,
|
||||
// TODO: JWE needs to be handled properly, see @InitBinder above -- we'll ignore these right now
|
||||
/*
|
||||
|
@ -248,7 +248,7 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
client.setX509Url(x509Url);
|
||||
client.setX509EncryptionUrl(x509EncryptionUrl);
|
||||
client.setSectorIdentifierUrl(sectorIdentifierUrl);
|
||||
client.setUserIdType(userIdType);
|
||||
client.setSubjectType(subjectType);
|
||||
client.setRequireSignedRequestObject(requireSignedRequestObject);
|
||||
client.setDefaultMaxAge(defaultMaxAge);
|
||||
client.setRequireAuthTime(requireAuthTime == null ? false : requireAuthTime.booleanValue());
|
||||
|
@ -369,7 +369,7 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
// OPENID CONNECT EXTENSIONS BELOW
|
||||
@RequestParam(value = "application_type", required = false) AppType applicationType,
|
||||
@RequestParam(value = "sector_identifier_url", required = false) String sectorIdentifierUrl,
|
||||
@RequestParam(value = "user_id_type", required = false) UserIdType userIdType,
|
||||
@RequestParam(value = "subject_type", required = false) SubjectType subjectType,
|
||||
@RequestParam(value = "require_signed_request_object", required = false) JwsAlgorithm requireSignedRequestObject,
|
||||
@RequestParam(value = "require_auth_time", required = false, defaultValue = "true") Boolean requireAuthTime,
|
||||
// TODO: JWE needs to be handled properly, see @InitBinder above -- we'll ignore these right now
|
||||
|
@ -463,8 +463,8 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
if (params.containsKey("sector_identifier_url")) {
|
||||
client.setSectorIdentifierUrl(Strings.emptyToNull(sectorIdentifierUrl));
|
||||
}
|
||||
if (params.containsKey("user_id_type")) {
|
||||
client.setUserIdType(userIdType);
|
||||
if (params.containsKey("subject_type")) {
|
||||
client.setSubjectType(subjectType);
|
||||
}
|
||||
if (params.containsKey("require_signed_request_object")) { // TODO: rename field
|
||||
client.setRequireSignedRequestObject(requireSignedRequestObject);
|
||||
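Review bot: `setValue(SubjectType.getByValue(text));` stores null for any unrecognised `subject_type`, because getByValue is a plain map lookup (`return lookup.get(value);` in ClientDetailsEntity). A registration request with a misspelled value is therefore accepted as if the parameter had been omitted. setAsText already declares IllegalArgumentException, so the editor can reject the input: look the value up into a local and `throw new IllegalArgumentException("Unknown subject_type")` when it is null. Separately, the request parameter is renamed from `user_id_type` to `subject_type` with `required = false`, so a client still sending the old name is silently ignored; this deserves a line in the upgrade notes. The `UserID type` comment above the editor is also stale.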
|
|
|
@ -88,7 +88,7 @@ public class SimpleWebDiscoveryEndpoint {
|
|||
scopes_supported array A JSON array containing a list of the OAuth 2.0 [OAuth2.0] scope values that this server supports. The server MUST support the openid scope value.
|
||||
response_types_supported array A JSON array containing a list of the OAuth 2.0 response_type that this server supports. The server MUST support the code, id_token, and the token id_token response_type.
|
||||
acrs_supported array A JSON array containing a list of the Authentication Context Class References that this server supports.
|
||||
user_id_types_supported array A JSON array containing a list of the user identifier types that this server supports. Valid types include pairwise and public.
|
||||
subject_types_supported array A JSON array containing a list of the user identifier types that this server supports. Valid types include pairwise and public.
|
||||
userinfo_algs_supported array A JSON array containing a list of the JWS [JWS] and JWE [JWE] signing and encryption algorithms [JWA] supported by the UserInfo Endpoint to encode the JWT [JWT].
|
||||
id_token_algs_supported array A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the ID Token to encode the JWT [JWT].
|
||||
request_object_algs_supported array A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the OpenID Request Object described in Section 2.1.2.1 of OpenID Connect Messages [OpenID.Messages] to encode the JWT [JWT]. Servers SHOULD support RS256.
|
||||
|
|
|
@ -83,7 +83,7 @@ CREATE TABLE IF NOT EXISTS client_details (
|
|||
application_type VARCHAR(256),
|
||||
client_name VARCHAR(256),
|
||||
token_endpoint_auth_type VARCHAR(256),
|
||||
user_id_type VARCHAR(256),
|
||||
subject_type VARCHAR(256),
|
||||
|
||||
logo_url VARCHAR(2048),
|
||||
policy_url VARCHAR(2048),
|
||||
|
@ -162,7 +162,7 @@ CREATE TABLE IF NOT EXISTS token_scope (
|
|||
|
||||
CREATE TABLE IF NOT EXISTS user_info (
|
||||
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
|
||||
user_id VARCHAR(256),
|
||||
sub VARCHAR(256),
|
||||
preferred_username VARCHAR(256),
|
||||
name VARCHAR(256),
|
||||
given_name VARCHAR(256),
|
||||
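Review bot: `CREATE TABLE IF NOT EXISTS` leaves an existing `client_details` or `user_info` table untouched, so a database created before this commit keeps the `user_id_type` and `user_id` columns while the entities now map `subject_type` and `sub`. No migration script is visible on this page. If upgrades of existing deployments are supported, ship one that renames both columns in place, since recreating the tables would drop registered clients and user records. The same applies to the plain `CREATE TABLE client_details` / `CREATE TABLE user_info` script changed further down.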
|
|
|
@ -15,7 +15,7 @@ CREATE TEMPORARY TABLE IF NOT EXISTS users_TEMP (
|
|||
|
||||
CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP (
|
||||
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
|
||||
user_id VARCHAR(256),
|
||||
sub VARCHAR(256),
|
||||
preferred_username VARCHAR(256),
|
||||
name VARCHAR(256),
|
||||
given_name VARCHAR(256),
|
||||
|
|
|
@ -78,7 +78,7 @@ CREATE TABLE client_details (
|
|||
application_type VARCHAR(256),
|
||||
client_name VARCHAR(256),
|
||||
token_endpoint_auth_type VARCHAR(256),
|
||||
user_id_type VARCHAR(256),
|
||||
subject_type VARCHAR(256),
|
||||
|
||||
logo_url VARCHAR(2048),
|
||||
policy_url VARCHAR(2048),
|
||||
|
@ -157,7 +157,7 @@ CREATE TABLE token_scope (
|
|||
|
||||
CREATE TABLE user_info (
|
||||
id BIGINT AUTO_INCREMENT PRIMARY KEY,
|
||||
user_id VARCHAR(256),
|
||||
sub VARCHAR(256),
|
||||
preferred_username VARCHAR(256),
|
||||
name VARCHAR(256),
|
||||
given_name VARCHAR(256),
|
||||
|
|
|
@ -25,7 +25,7 @@ INSERT INTO authorities_TEMP (username, authority) VALUES
|
|||
('srmoore','ROLE_USER');
|
||||
|
||||
-- By default, the username column here has to match the username column in the users table, above
|
||||
INSERT INTO user_info_TEMP (user_id, preferred_username, name, email, email_verified) VALUES
|
||||
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES
|
||||
('jricher', 'jricher', 'Justin Richer', 'jricher@mitre.org', false),
|
||||
('aanganes', 'aanganes', 'Amanda Anganes', 'aanganes@mitre.org', false),
|
||||
('mfranklin', 'mfranklin', 'Matt Franklin', 'mfranklin@mitre.org', false),
|
||||
|
@ -49,10 +49,10 @@ MERGE INTO authorities
|
|||
INSERT (username,authority) values (vals.username, vals.authority);
|
||||
|
||||
MERGE INTO user_info
|
||||
USING (SELECT user_id, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(user_id, preferred_username, name, email, email_verified)
|
||||
USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(sub, preferred_username, name, email, email_verified)
|
||||
ON vals.preferred_username = user_info.preferred_username
|
||||
WHEN NOT MATCHED THEN
|
||||
INSERT (user_id, preferred_username, name, email, email_verified) VALUES (vals.user_id, vals.preferred_username, vals.name, vals.email, vals.email_verified);
|
||||
INSERT (sub, preferred_username, name, email, email_verified) VALUES (vals.sub, vals.preferred_username, vals.name, vals.email, vals.email_verified);
|
||||
|
||||
|
||||
--
|
||||
|
|