From a1f953665773b2e0d415d0603f082acca15037ff Mon Sep 17 00:00:00 2001
From: phaseshift3r <phaseshift3r@hotmail.com>
Date: Fri, 11 Sep 2020 11:16:28 +0200
Subject: [PATCH] Update oidc_server.js

added hack for getting the claims in the accessToken instead of the /adfs/oauth2/userinfo endpoint

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-faq#i-am-trying-to-get-additional-claims-on-the-user-info-endpoint-but-its-only-returning-subject-how-can-i-get-additional-claims

Environment variable needed set
OAUTH2_ADFS=true
---
 packages/wekan-oidc/oidc_server.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/packages/wekan-oidc/oidc_server.js b/packages/wekan-oidc/oidc_server.js
index 745f68e85..09ba76a84 100644
--- a/packages/wekan-oidc/oidc_server.js
+++ b/packages/wekan-oidc/oidc_server.js
@@ -9,7 +9,20 @@ OAuth.registerService('oidc', 2, null, function (query) {
   var accessToken = token.access_token || token.id_token;
   var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10));
 
-  var userinfo = getUserInfo(accessToken);
+  var claimsInAccessToken = process.env.OAUTH2_ADFS || false; 
+  
+  var userinfo; 
+  if(claimsInAccessToken)
+  {
+    // hack when using custom claims in the accessToken. On premise ADFS
+    userinfo = getTokenContent(accessToken);
+  }
+  else
+  {
+    // normal behaviour, getting the claims from UserInfo endpoint.
+    userinfo = getUserInfo(accessToken);
+  }
+  
   if (userinfo.ocs) userinfo = userinfo.ocs.data; // Nextcloud hack
   if (userinfo.metadata) userinfo = userinfo.metadata // Openshift hack
   if (debug) console.log('XXX: userinfo:', userinfo);