Add displayName to auth response and configurable display name claim for OIDC
Some checks failed
CI / build (push) Successful in 1m11s
CI / docker (push) Successful in 49s
CI / deploy (push) Failing after 2m9s

- Add displayName field to AuthTokenResponse so the UI shows human-readable
  names instead of internal JWT subjects (e.g. user:oidc:<hash>)
- Add displayNameClaim to OIDC config (default: "name") allowing admins to
  configure which ID token claim contains the user's display name
- Support dot-separated claim paths (e.g. profile.display_name) like rolesClaim
- Add admin UI field for Display Name Claim on the OIDC config page
- ClickHouse migration: ALTER TABLE adds display_name_claim column

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hsiegeln
2026-03-14 16:09:24 +01:00
parent 6676e209c7
commit 463cab1196
18 changed files with 96 additions and 32 deletions

@@ -9,9 +9,10 @@ import java.util.List;
* @param issuerUri OIDC discovery issuer URL
* @param clientId OAuth2 client ID
* @param clientSecret OAuth2 client secret (stored server-side only)
* @param rolesClaim dot-separated path to roles in the id_token (e.g. {@code realm_access.roles})
* @param defaultRoles fallback roles for new users with no OIDC role claim
* @param autoSignup whether new OIDC users are automatically created on first login
* @param rolesClaim dot-separated path to roles in the id_token (e.g. {@code realm_access.roles})
* @param defaultRoles fallback roles for new users with no OIDC role claim
* @param autoSignup whether new OIDC users are automatically created on first login
* @param displayNameClaim dot-separated path to display name in the id_token (e.g. {@code name}, {@code preferred_username})
*/
public record OidcConfig(
boolean enabled,
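Review bot: The new @param displayNameClaim line does not state the default or what happens when the claim is missing, empty or not a string in the id_token, so an admin reading it cannot tell what the UI will show in that case. Suggest documenting the default ("name", as set in disabled()) and the fallback, and stating that the value is IdP-supplied text for display only: it should be treated as untrusted when rendered and never used for identity or role decisions, with the JWT subject remaining the identifier. The three preceding @param lines (rolesClaim, defaultRoles, autoSignup) appear to change in alignment only; consider keeping that whitespace churn out of the functional change.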
@@ -20,9 +21,10 @@ public record OidcConfig(
String clientSecret,
String rolesClaim,
List<String> defaultRoles,
boolean autoSignup
boolean autoSignup,
String displayNameClaim
) {
public static OidcConfig disabled() {
return new OidcConfig(false, "", "", "", "realm_access.roles", List.of("VIEWER"), true);
return new OidcConfig(false, "", "", "", "realm_access.roles", List.of("VIEWER"), true, "name");
}
}
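Review bot: The record takes displayNameClaim with no normalisation, so a null or blank value (for example from a config saved before this field existed) is passed on to whatever resolves the claim path; only disabled() is guaranteed to carry "name". Suggest a compact constructor that maps null or blank to the default, with that default held in one named constant instead of the literal in disabled(). Since rolesClaim and displayNameClaim are both positional String components, each existing new OidcConfig(...) call site also needs checking that the eighth argument is the display-name path and has not been swapped with the roles path.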