🐛(helm) fix OIDC authentication with standard scopes

"usual_name" does not seem to be standard, it gives error during login. We replace "usual_name" by "family_name".
2025-12-16 16:09:19 +01:00
parent 2e66b87dab
commit 7d64d79eeb
2 changed files with 6 additions and 6 deletions
--- a/src/helm/env.d/dev/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl
@@ -31,8 +31,8 @@ backend:
    LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
    LOGGING_LEVEL_LOGGERS_ROOT: INFO
    LOGGING_LEVEL_LOGGERS_APP: INFO
-    OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
-    OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
+    OIDC_USERINFO_SHORTNAME_FIELD: "first_name"
+    OIDC_USERINFO_FULLNAME_FIELDS: "name"
    OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/certs
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/auth
    OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/token
@@ -42,7 +42,7 @@ backend:
    OIDC_RP_CLIENT_ID: docs
    OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
    OIDC_RP_SIGN_ALGO: RS256
-    OIDC_RP_SCOPES: "openid email given_name usual_name"
+    OIDC_RP_SCOPES: "openid email profile"
    LOGIN_REDIRECT_URL: https://docs.127.0.0.1.nip.io
    LOGIN_REDIRECT_URL_FAILURE: https://docs.127.0.0.1.nip.io
    LOGOUT_REDIRECT_URL: https://docs.127.0.0.1.nip.io
--- a/src/helm/env.d/feature/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/feature/values.impress.yaml.gotmpl
@@ -32,8 +32,8 @@ backend:
    LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
    LOGGING_LEVEL_LOGGERS_ROOT: INFO
    LOGGING_LEVEL_LOGGERS_APP: INFO
-    OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
-    OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
+    OIDC_USERINFO_SHORTNAME_FIELD: "first_name"
+    OIDC_USERINFO_FULLNAME_FIELDS: "name"
    OIDC_OP_JWKS_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/certs
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/auth
    OIDC_OP_TOKEN_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/token
@@ -43,7 +43,7 @@ backend:
    OIDC_RP_CLIENT_ID: docs
    OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
    OIDC_RP_SIGN_ALGO: RS256
-    OIDC_RP_SCOPES: "openid email given_name usual_name"
+    OIDC_RP_SCOPES: "openid email profile"
    LOGIN_REDIRECT_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
    LOGIN_REDIRECT_URL_FAILURE: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
    LOGOUT_REDIRECT_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}