From 0679f4701e67e0b76dfb39031f167e104bdbe1a4 Mon Sep 17 00:00:00 2001 From: Kevin Schu Date: Thu, 8 Jul 2021 15:36:18 +0200 Subject: [PATCH] if username is not available in remote, fall back to username from token Signed-off-by: Kevin Schu --- src/pkg/oidc/helper.go | 9 +++++++-- src/pkg/oidc/helper_test.go | 26 ++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) mode change 100644 => 100755 src/pkg/oidc/helper.go diff --git a/src/pkg/oidc/helper.go b/src/pkg/oidc/helper.go old mode 100644 new mode 100755 index 0be2f131c..126a78966 --- a/src/pkg/oidc/helper.go +++ b/src/pkg/oidc/helper.go @@ -289,8 +289,12 @@ func mergeUserInfo(remote, local *UserInfo) *UserInfo { Subject: local.Subject, Issuer: local.Issuer, // Used data from userinfo - Username: remote.Username, - Email: remote.Email, + Email: remote.Email, + } + if remote.Username != "" { + res.Username = remote.Username + } else { + res.Username = local.Username } if remote.hasGroupClaim { res.Groups = remote.Groups @@ -346,6 +350,7 @@ func userInfoFromClaims(c claimsProvider, setting cfgModels.OIDCSetting) (*UserI if username, ok := allClaims[setting.UserClaim].(string); ok { res.Username = username } else { + log.Debugf("OIDC. Failed to recover Username from claims: %+v", allClaims) log.Warningf("OIDC. Failed to recover Username from claim. Claim '%s' is invalid or not a string", setting.UserClaim) } } diff --git a/src/pkg/oidc/helper_test.go b/src/pkg/oidc/helper_test.go index cdf3e57c5..0f6ee37c8 100644 --- a/src/pkg/oidc/helper_test.go +++ b/src/pkg/oidc/helper_test.go 
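Review bot: Email is still copied from `remote` unconditionally in the struct literal, so only Username gets the new fallback; a userinfo response that omits both claims would yield a token-derived Username next to an empty Email. If that asymmetry is not intended, add `if res.Email == "" { res.Email = local.Email }` after the Username branch. The retained comment `// Used data from userinfo` no longer covers Username and could read `// Email comes from userinfo; Username prefers userinfo and falls back to the ID token`. mergeUserInfo starts and ends outside the hunk, so any handling elsewhere in the function is not visible here.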
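Review bot: The added `log.Debugf` writes the whole `allClaims` map with `%+v`, which puts every claim the provider returned (email, group membership, any custom attributes) into the log whenever the username claim is missing or not a string. Debug logs are often shipped and retained under weaker access control than the identity data itself, and the claim values are provider-controlled strings. Logging only what is needed to diagnose the misconfiguration is enough, for example `log.Debugf("OIDC. Username claim '%s' has type %T", setting.UserClaim, allClaims[setting.UserClaim])`. userInfoFromClaims starts and ends outside the hunk.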
@@ -379,6 +379,32 @@ func TestMergeUserInfo(t *testing.T) { hasGroupClaim: true, }, }, + { + fromInfo: &UserInfo{ + Issuer: "", + Subject: "", + Username: "", + Email: "kevin@whatever.com", + Groups: []string{}, + hasGroupClaim: false, + }, + fromIDToken: &UserInfo{ + Issuer: "issuer-whatever", + Subject: "subject-kevin", + Username: "kevin", + Email: "kevin@whatever.com", + Groups: []string{"g1", "g2"}, + hasGroupClaim: true, + }, + expected: &UserInfo{ + Issuer: "issuer-whatever", + Subject: "subject-kevin", + Username: "kevin", + Email: "kevin@whatever.com", + Groups: []string{"g1", "g2"}, + hasGroupClaim: true, + }, + }, } for _, tc := range s {
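Review bot: The new fixture's `fromInfo` has an empty `Subject` and `Issuer`, yet its `Email` is the one expected in the merged result, so the case pins down merging a userinfo response whose subject does not match the ID token. OpenID Connect Core requires the UserInfo `sub` to match the ID token `sub` before its values are used; whether that check runs before mergeUserInfo is not visible here. If it does, a realistic fixture would set `Subject: "subject-kevin"` in `fromInfo`, and a comment such as `// userinfo omits the username claim; Username must come from the ID token` would state what the case covers. The case also leaves `hasGroupClaim` false on `fromInfo`, so it exercises the group fallback together with the username fallback and a failure would not say which one broke. TestMergeUserInfo's body continues outside the hunk.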