From 0b2fdb60955dae710f6f52bd21a582dfe36fbad0 Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Tue, 4 Apr 2023 23:47:16 -0700 Subject: [PATCH 01/13] Implemented Discord provider --- handlers/handlers.go | 3 ++ pkg/cfg/oauth.go | 27 ++++++++++++- pkg/providers/discord/discord.go | 66 ++++++++++++++++++++++++++++++++ pkg/structs/structs.go | 23 ++++++++++- 4 files changed, 116 insertions(+), 3 deletions(-) create mode 100644 pkg/providers/discord/discord.go diff --git a/handlers/handlers.go b/handlers/handlers.go index 6dae94e3..1a46895e 100644 --- a/handlers/handlers.go +++ b/handlers/handlers.go @@ -14,6 +14,7 @@ import ( "net/http" "github.com/gorilla/sessions" + "github.com/vouch/vouch-proxy/pkg/providers/discord" "go.uber.org/zap" "golang.org/x/oauth2" @@ -88,6 +89,8 @@ func getProvider() Provider { return openid.Provider{} case cfg.Providers.Alibaba: return alibaba.Provider{} + case cfg.Providers.Discord: + return discord.Provider{} default: // shouldn't ever reach this since cfg checks for a properly configure `oauth.provider` log.Fatal("oauth.provider appears to be misconfigured, please check your config") diff --git a/pkg/cfg/oauth.go b/pkg/cfg/oauth.go index 56442d64..e7e2f644 100644 --- a/pkg/cfg/oauth.go +++ b/pkg/cfg/oauth.go @@ -44,6 +44,7 @@ var ( OpenStax: "openstax", Nextcloud: "nextcloud", Alibaba: "alibaba", + Discord: "discord", } ) @@ -59,6 +60,7 @@ type OAuthProviders struct { OpenStax string Nextcloud string Alibaba string + Discord string } // oauth config items endoint for access @@ -122,7 +124,8 @@ func oauthBasicTest() error { GenOAuth.Provider != Providers.OIDC && GenOAuth.Provider != Providers.OpenStax && GenOAuth.Provider != Providers.Nextcloud && - GenOAuth.Provider != Providers.Alibaba { + GenOAuth.Provider != Providers.Alibaba && + GenOAuth.Provider != Providers.Discord { return errors.New("configuration error: Unknown oauth provider: " + GenOAuth.Provider) } // OAuthconfig Checks 
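Review bot: Adding `GenOAuth.Provider != Providers.Discord` to the `!=` chain in `oauthBasicTest` means a new provider now has to be registered in three places that must stay in step: this chain, the `Providers` struct, and the `switch` in `getProvider`, whose `default` branch ends in `log.Fatal`. A lookup over the known names would keep the check self-maintaining, for example a `map[string]struct{}` built once from `Providers` and tested with `if _, ok := known[GenOAuth.Provider]; !ok`. Both functions continue outside the hunks shown.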
@@ -188,6 +191,9 @@ func setProviderDefaults() { } else if GenOAuth.Provider == Providers.IndieAuth { GenOAuth.CodeChallengeMethod = "S256" configureOAuthClient() + } else if GenOAuth.Provider == Providers.Discord { + setDefaultsDiscord() + configureOAuthClient() } else { // OIDC, OpenStax, Nextcloud configureOAuthClient() @@ -270,6 +276,25 @@ func setDefaultsGitHub() { GenOAuth.CodeChallengeMethod = "S256" } +func setDefaultsDiscord() { + // log.Info("configuring GitHub OAuth") + if GenOAuth.AuthURL == "" { + GenOAuth.AuthURL = "https://discord.com/oauth2/authorize" + } + if GenOAuth.TokenURL == "" { + GenOAuth.TokenURL = "https://discord.com/api/oauth2/token" + } + if GenOAuth.UserInfoURL == "" { + GenOAuth.UserInfoURL = "https://discord.com/api/users/@me" + } + if len(GenOAuth.Scopes) == 0 { + //Required for UserInfo URL + //https://discord.com/developers/docs/resources/user#get-current-user + GenOAuth.Scopes = []string{"identify"} + } + GenOAuth.CodeChallengeMethod = "S256" +} + func configureOAuthClient() { log.Infof("configuring %s OAuth with Endpoint %s", GenOAuth.Provider, GenOAuth.AuthURL) OAuthClient = &oauth2.Config{ diff --git a/pkg/providers/discord/discord.go b/pkg/providers/discord/discord.go new file mode 100644 index 00000000..e6c293ec --- /dev/null +++ b/pkg/providers/discord/discord.go 
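Review bot: `setDefaultsDiscord` opens with the commented-out line `// log.Info("configuring GitHub OAuth")`, copied from the GitHub defaults, and has no doc comment of its own. I would drop that line and add `// setDefaultsDiscord fills in Discord's authorize, token and userinfo URLs and the default scope when the config leaves them empty, and always sets the code challenge method to S256.` Note that `CodeChallengeMethod` is assigned unconditionally, so a value set in the config is overwritten, unlike the URL and scope fields.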
@@ -0,0 +1,66 @@ +/* + +Copyright 2020 The Vouch Proxy Authors. +Use of this source code is governed by The MIT License (MIT) that +can be found in the LICENSE file. Software distributed under The +MIT License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES +OR CONDITIONS OF ANY KIND, either express or implied. + +*/ + +package discord + +import ( + "encoding/json" + "io/ioutil" + "net/http" + + "golang.org/x/oauth2" + + "github.com/vouch/vouch-proxy/pkg/cfg" + "github.com/vouch/vouch-proxy/pkg/providers/common" + "github.com/vouch/vouch-proxy/pkg/structs" + "go.uber.org/zap" +) + +// Provider provider specific functions +type Provider struct{} + +var log *zap.SugaredLogger + +// Configure see main.go configure() +func (Provider) Configure() { + log = cfg.Logging.Logger +} + +// GetUserInfo provider specific call to get userinfomation +func (Provider) GetUserInfo(r *http.Request, user *structs.User, customClaims *structs.CustomClaims, ptokens *structs.PTokens, opts ...oauth2.AuthCodeOption) (rerr error) { + client, _, err := common.PrepareTokensAndClient(r, ptokens, true, opts...) + if err != nil { + return err + } + userinfo, err := client.Get(cfg.GenOAuth.UserInfoURL) + if err != nil { + return err + } + defer func() { + if err := userinfo.Body.Close(); err != nil { + rerr = err + } + }() + data, _ := ioutil.ReadAll(userinfo.Body) + log.Infof("Discord userinfo body: %s", string(data)) + if err = common.MapClaims(data, customClaims); err != nil { + log.Error(err) + return err + } + discordUser := structs.DiscordUser{} + if err = json.Unmarshal(data, &discordUser); err != nil { + log.Error(err) + return err + } + discordUser.PrepareUserData() + user.Username = discordUser.PreparedUsername + user.Email = discordUser.Email + return nil +} diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go index bccc0180..5abcaca7 100644 --- a/pkg/structs/structs.go +++ b/pkg/structs/structs.go 
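Review bot: `GetUserInfo` trusts the userinfo response more than it should: it never looks at `userinfo.StatusCode`, so an error payload is unmarshalled into an empty `DiscordUser`, and it copies `discordUser.Email` into `user.Email` although the `Verified` field it has just decoded is ignored. If authorization elsewhere in Vouch matches on the e-mail address or its domain (not visible in this diff), an unverified address is whatever the account holder typed. The body, which carries the user's ID and e-mail, is also written to the log at Info level on every login; `log.Debugf("Discord userinfo body: %s", string(data))` would keep it out of production logs, and the PATCH 03 hunk on this function leaves that line as is. The status check below needs `fmt` added to the import block.

```go
	userinfo, err := client.Get(cfg.GenOAuth.UserInfoURL)
	// … unchanged: error check and deferred Body.Close …
	if userinfo.StatusCode != http.StatusOK {
		return fmt.Errorf("discord userinfo: unexpected status %s", userinfo.Status)
	}
	// … unchanged: read body, MapClaims, json.Unmarshal into discordUser …
	discordUser.PrepareUserData()
	user.Username = discordUser.PreparedUsername
	if discordUser.Verified {
		// only pass on an address Discord reports as verified
		user.Email = discordUser.Email
	}
```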
@@ -10,7 +10,10 @@ OR CONDITIONS OF ANY KIND, either express or implied. package structs -import "strconv" +import ( + "fmt" + "strconv" +) // CustomClaims Temporary struct storing custom claims until JWT creation. type CustomClaims struct { @@ -148,7 +151,7 @@ type Contact struct { Verified bool `json:"is_verified"` } -//OpenStaxUser is a retrieved and authenticated user from OpenStax Accounts +// OpenStaxUser is a retrieved and authenticated user from OpenStax Accounts type OpenStaxUser struct { User Contacts []Contact `json:"contact_infos"` @@ -240,3 +243,19 @@ type PTokens struct { PAccessToken string PIdToken string } + +// DiscordUser deserializes values from the Discord User Object: https://discord.com/developers/docs/resources/user#user-object-user-structure +type DiscordUser struct { + Id string `json:"id"` + Username string `json:"username"` + Discriminator string `json:"discriminator"` + PreparedUsername string + Email string `json:"email"` + Verified bool `json:"verified"` +} + +// PrepareUserData copies the Username and Discriminator in the format that Discord guarantees to be unique +// https://support.discord.com/hc/en-us/articles/4407571667351-Law-Enforcement-Guidelines Subheading "How to find usernames and discriminators" +func (u *DiscordUser) PrepareUserData() { + u.PreparedUsername = fmt.Sprintf("%s#%s", u.Username, u.Discriminator) +} From 89a7df304c2c165bed903c9177d5660611362763 Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Wed, 5 Apr 2023 00:17:36 -0700 Subject: [PATCH 02/13] Discord should also ask for the email by default --- pkg/cfg/oauth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cfg/oauth.go b/pkg/cfg/oauth.go index e7e2f644..9fdde680 100644 --- a/pkg/cfg/oauth.go +++ b/pkg/cfg/oauth.go 
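Review bot: `PreparedUsername` in `DiscordUser` has no struct tag, so `json.Unmarshal` will fill it from a `PreparedUsername` key in the response (key matching is case-insensitive) as if it were part of Discord's user object; adding the struct tag `json:"-"` to the field marks it as computed only. `PrepareUserData` overwrites the field in this version, so this is about stating intent rather than a live defect. `Id` would be `ID` under Go's initialism convention, with the `json:"id"` tag unchanged.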
@@ -290,7 +290,7 @@ func setDefaultsDiscord() { if len(GenOAuth.Scopes) == 0 { //Required for UserInfo URL //https://discord.com/developers/docs/resources/user#get-current-user - GenOAuth.Scopes = []string{"identify"} + GenOAuth.Scopes = []string{"identify", "email"} } GenOAuth.CodeChallengeMethod = "S256" } From a1eecf6477fc8676854d3e584030bf40c4d42a63 Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Mon, 26 Jun 2023 23:17:36 -0700 Subject: [PATCH 03/13] Use global name if discriminator has been cleared --- pkg/providers/discord/discord.go | 7 +++++-- pkg/structs/structs.go | 9 +++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/pkg/providers/discord/discord.go b/pkg/providers/discord/discord.go index e6c293ec..b4431174 100644 --- a/pkg/providers/discord/discord.go +++ b/pkg/providers/discord/discord.go @@ -12,7 +12,7 @@ package discord import ( "encoding/json" - "io/ioutil" + "io" "net/http" "golang.org/x/oauth2" @@ -48,7 +48,10 @@ func (Provider) GetUserInfo(r *http.Request, user *structs.User, customClaims *s rerr = err } }() - data, _ := ioutil.ReadAll(userinfo.Body) + data, err := io.ReadAll(userinfo.Body) + if err != nil { + return err + } log.Infof("Discord userinfo body: %s", string(data)) if err = common.MapClaims(data, customClaims); err != nil { log.Error(err) diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go index 5abcaca7..70ed0b13 100644 --- a/pkg/structs/structs.go +++ b/pkg/structs/structs.go 
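Review bot: The comment above the default scopes still reads `//Required for UserInfo URL`, but per the original commit only `identify` is needed for that endpoint; `email` is what fills `user.Email`. I would reword it to `// identify is required by the userinfo endpoint; email adds the address copied into user.Email`. Deployments that match only on username or ID now request the address by default as well, which deserves a line in the example config so operators know they can narrow the configured scopes.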
@@ -249,13 +249,18 @@ type DiscordUser struct { Id string `json:"id"` Username string `json:"username"` Discriminator string `json:"discriminator"` - PreparedUsername string + GlobalName string `json:"global_name"` Email string `json:"email"` Verified bool `json:"verified"` + PreparedUsername string } // PrepareUserData copies the Username and Discriminator in the format that Discord guarantees to be unique // https://support.discord.com/hc/en-us/articles/4407571667351-Law-Enforcement-Guidelines Subheading "How to find usernames and discriminators" func (u *DiscordUser) PrepareUserData() { - u.PreparedUsername = fmt.Sprintf("%s#%s", u.Username, u.Discriminator) + if u.Discriminator != "0" { + u.PreparedUsername = fmt.Sprintf("%s#%s", u.Username, u.Discriminator) + return + } + u.PreparedUsername = u.GlobalName } From a27c1d7a31ea7f9736358b69c4f0af22474bfbff Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Mon, 26 Jun 2023 23:39:48 -0700 Subject: [PATCH 04/13] Use the username instead of global name for ident --- pkg/structs/structs.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go index 70ed0b13..5db89df1 100644 --- a/pkg/structs/structs.go +++ b/pkg/structs/structs.go @@ -258,9 +258,8 @@ type DiscordUser struct { // PrepareUserData copies the Username and Discriminator in the format that Discord guarantees to be unique // https://support.discord.com/hc/en-us/articles/4407571667351-Law-Enforcement-Guidelines Subheading "How to find usernames and discriminators" func (u *DiscordUser) PrepareUserData() { + u.PreparedUsername = u.Username if u.Discriminator != "0" { u.PreparedUsername = fmt.Sprintf("%s#%s", u.Username, u.Discriminator) - return } - u.PreparedUsername = u.GlobalName } From c9d5b76aef4e4297e3380905dff23cff213e14ad Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Wed, 5 Apr 2023 00:25:39 -0700 Subject: [PATCH 05/13] Added changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) 
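Review bot: The test `u.Discriminator != "0"` treats every value other than the literal `"0"` as a legacy discriminator, including the empty string left behind when the `discriminator` key is missing from the response, so `PreparedUsername` becomes `name#`. `if u.Discriminator != "" && u.Discriminator != "0"` covers both cases. The same condition is carried unchanged through the PATCH 04 and PATCH 10 hunks on `PrepareUserData`.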
diff --git a/CHANGELOG.md b/CHANGELOG.md index fe104235..c8b2d38b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Coming soon! Please document any work in progress here as part of your PR. It will be moved to the next tag when released. +* Implement a Discord provider that uses `Username` as the username to match against in the `whiteList` config + * Or uses `Username#Discriminator` if the Discriminator is present + * Or uses ID if `discord_use_ids` is set + ## v0.40.0 - upgrade golang to `v1.22` from `v1.18` From 89c0df9864842e76865ffd4dac0bfad88405a53e Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Wed, 5 Apr 2023 00:26:29 -0700 Subject: [PATCH 06/13] Add Discord provider config example --- config/config.yml_example_discord | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 config/config.yml_example_discord diff --git a/config/config.yml_example_discord b/config/config.yml_example_discord new file mode 100644 index 00000000..f5259947 --- /dev/null +++ b/config/config.yml_example_discord @@ -0,0 +1,22 @@ + +# Vouch Proxy configuration +# bare minimum to get Vouch Proxy running with OpenID Connect (such as okta) + +vouch: + domains: + - yourdomain.com + # whiteList is a list of username#discriminator that will allow a login if allowAllUsers is false + whiteList: + - loganintech#0001 + + cookie: + # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com) + secure: false + # vouch.cookie.domain must be set when enabling allowAllUsers + # domain: yourdomain.com + +oauth: + provider: discord + client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxx + client_secret: xxxxxxxxxxxxxxxxxxxxxxxx + callback_url: http://vouch.yourdomain.com:9090/auth From 4bef475d9a75dcec9211b4384ad0c87ff74d1b5d Mon Sep 17 00:00:00 2001 
From: Logan Saso Date: Wed, 3 May 2023 13:12:19 -0700 Subject: [PATCH 07/13] Discord changed their minds on unique usernames, so let's change our implementation to reflect that --- config/config.yml_example_discord | 4 ++-- pkg/providers/discord/discord.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/config.yml_example_discord b/config/config.yml_example_discord index f5259947..bcc3b8d9 100644 --- a/config/config.yml_example_discord +++ b/config/config.yml_example_discord @@ -5,9 +5,9 @@ vouch: domains: - yourdomain.com - # whiteList is a list of username#discriminator that will allow a login if allowAllUsers is false + # whiteList is a list of user ids that will allow a login if allowAllUsers is false whiteList: - - loganintech#0001 + - 12341234123412345 cookie: # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com) diff --git a/pkg/providers/discord/discord.go b/pkg/providers/discord/discord.go index b4431174..4c6c984e 100644 --- a/pkg/providers/discord/discord.go +++ b/pkg/providers/discord/discord.go @@ -12,7 +12,7 @@ package discord import ( "encoding/json" - "io" + "io/ioutil" "net/http" "golang.org/x/oauth2" From c2506bd857095cb818201b093d9e0cd15e6201ca Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Sun, 24 Dec 2023 00:07:05 -0800 Subject: [PATCH 08/13] Updates with some messaging on new vs old username formats --- config/config.yml_example_discord | 8 +++++--- pkg/structs/structs.go | 6 ++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/config/config.yml_example_discord b/config/config.yml_example_discord index bcc3b8d9..1d4fd3cc 100644 --- a/config/config.yml_example_discord +++ b/config/config.yml_example_discord 
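Review bot: The `discord.go` hunk switches the import back from `io` to `io/ioutil`, while the body changed in PATCH 03 calls `io.ReadAll`; unless the call site was changed outside the visible hunks, the file does not compile at this commit, which breaks bisecting across the series. PATCH 09 restores `io`, so squashing the two import changes away would leave every commit buildable. The commit subject also describes an implementation change, but the only Go change shown is this import line.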
@@ -1,13 +1,15 @@ # Vouch Proxy configuration -# bare minimum to get Vouch Proxy running with OpenID Connect (such as okta) +# bare minimum to get Vouch Proxy running with Discord as an OpenID Provider vouch: domains: - yourdomain.com - # whiteList is a list of user ids that will allow a login if allowAllUsers is false + # whiteList is a list of usernames that will allow a login if allowAllUsers is false whiteList: - - 12341234123412345 + - loganintech + # If the user still hasn't chosen a new username, the old username#discrimnator format will work + - LoganInTech#1203 cookie: # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com) diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go index 5db89df1..e709237b 100644 --- a/pkg/structs/structs.go +++ b/pkg/structs/structs.go @@ -255,8 +255,10 @@ type DiscordUser struct { PreparedUsername string } -// PrepareUserData copies the Username and Discriminator in the format that Discord guarantees to be unique -// https://support.discord.com/hc/en-us/articles/4407571667351-Law-Enforcement-Guidelines Subheading "How to find usernames and discriminators" +// PrepareUserData copies the Username to PreparedUsername. If the Discriminator is present that is +// appended to the Username in the format "Username#Discriminator" to match the old format of Discord usernames +// Previous format which is being phased out: https://support.discord.com/hc/en-us/articles/4407571667351-Law-Enforcement-Guidelines Subheading "How to find usernames and discriminators" +// Details about the new username requirements: https://support.discord.com/hc/en-us/articles/12620128861463 func (u *DiscordUser) PrepareUserData() { u.PreparedUsername = u.Username if u.Discriminator != "0" { From 648c98ebe49af361a9db9182a22a5b08f1ece1ee Mon Sep 17 00:00:00 2001 
From: Logan Saso Date: Sun, 24 Mar 2024 13:12:05 -0700 Subject: [PATCH 09/13] Rebased --- pkg/providers/discord/discord.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/providers/discord/discord.go b/pkg/providers/discord/discord.go index 4c6c984e..82d12a73 100644 --- a/pkg/providers/discord/discord.go +++ b/pkg/providers/discord/discord.go @@ -12,15 +12,16 @@ package discord import ( "encoding/json" - "io/ioutil" + "io" "net/http" "golang.org/x/oauth2" + "go.uber.org/zap" + "github.com/vouch/vouch-proxy/pkg/cfg" "github.com/vouch/vouch-proxy/pkg/providers/common" "github.com/vouch/vouch-proxy/pkg/structs" - "go.uber.org/zap" ) // Provider provider specific functions From 4539c4942d2e0967068232ce8110671d76c19646 Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Sun, 24 Mar 2024 13:37:45 -0700 Subject: [PATCH 10/13] Updated discord provider to optionally match user IDs instead of username --- config/config.yml_example_discord | 7 +++++++ pkg/cfg/oauth.go | 6 +++++- pkg/providers/discord/discord.go | 4 +++- pkg/structs/structs.go | 26 ++++++++++++++++++-------- 4 files changed, 33 insertions(+), 10 deletions(-) diff --git a/config/config.yml_example_discord b/config/config.yml_example_discord index 1d4fd3cc..3323d5a9 100644 --- a/config/config.yml_example_discord +++ b/config/config.yml_example_discord @@ -7,10 +7,15 @@ vouch: - yourdomain.com # whiteList is a list of usernames that will allow a login if allowAllUsers is false whiteList: + # The default behavior matches the Discord user's username - loganintech + # If the user still hasn't chosen a new username, the old username#discrimnator format will work - LoganInTech#1203 + # If discord_use_ids is set to true, you must use the user's ID + - 81255545020878848 + cookie: # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com) secure: false 
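Review bot: The example `whiteList` now carries a username, a legacy `username#discriminator` and a numeric ID as active entries at once, although `discord_use_ids` selects exactly one matching mode. With the flag off, the ID line is compared against usernames, and with it on, the two name lines never match; if Discord permits an all-digit username, a leftover ID entry could even match a different account. I would keep one form active and show the others commented out, e.g. `# - <discord user id>  # only with discord_use_ids: true`.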
@@ -22,3 +27,5 @@ oauth: client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxx client_secret: xxxxxxxxxxxxxxxxxxxxxxxx callback_url: http://vouch.yourdomain.com:9090/auth + ## Uncomment this to match users based on their Discord ID + # discord_use_ids: true diff --git a/pkg/cfg/oauth.go b/pkg/cfg/oauth.go index 9fdde680..3992f891 100644 --- a/pkg/cfg/oauth.go +++ b/pkg/cfg/oauth.go @@ -85,6 +85,7 @@ type oauthConfig struct { PreferredDomain string `mapstructure:"preferredDomain"` AzureToken string `mapstructure:"azure_token" envconfig:"azure_token"` CodeChallengeMethod string `mapstructure:"code_challenge_method" envconfig:"code_challenge_method"` + DiscordUseIDs bool `mapstructure:"discord_use_ids" envconfig:"discord_use_ids"` } type oauthClaimsConfig struct { @@ -322,7 +323,10 @@ func checkCallbackConfig(url string) error { } } if !found { - return fmt.Errorf("configuration error: oauth.callback_url (%s) must be within a configured domains where the cookie will be set: either `vouch.domains` %s or `vouch.cookie.domain` %s", url, Cfg.Domains, Cfg.Cookie.Domain) + return fmt.Errorf("configuration error: oauth.callback_url (%s) must be within a configured domains where the cookie will be set: either `vouch.domains` %s or `vouch.cookie.domain` %s", + url, + Cfg.Domains, + Cfg.Cookie.Domain) } return nil diff --git a/pkg/providers/discord/discord.go b/pkg/providers/discord/discord.go index 82d12a73..fb2d1089 100644 --- a/pkg/providers/discord/discord.go +++ b/pkg/providers/discord/discord.go @@ -25,7 +25,9 @@ import ( ) // Provider provider specific functions -type Provider struct{} +type Provider struct { + UseSecureIDs bool +} var log *zap.SugaredLogger diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go index e709237b..33979f94 100644 --- a/pkg/structs/structs.go +++ b/pkg/structs/structs.go @@ -13,6 +13,8 @@ package structs import ( "fmt" "strconv" + + "github.com/vouch/vouch-proxy/pkg/cfg" ) // CustomClaims Temporary struct storing custom claims until JWT creation. 
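Review bot: `pkg/structs` now imports `pkg/cfg` so that `PrepareUserData` can read `cfg.GenOAuth.DiscordUseIDs`, which makes a plain data package depend on global configuration and will fail to build with an import cycle if `cfg` imports `structs` anywhere (not visible here). Passing the choice in keeps the dependency one-way: `func (u *DiscordUser) PrepareUserData(useIDs bool)`, called from the provider as `discordUser.PrepareUserData(cfg.GenOAuth.DiscordUseIDs)`, since `discord.go` already imports `cfg`. It also lets the method be tested without touching package state.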
@@ -246,20 +248,28 @@ type PTokens struct { // DiscordUser deserializes values from the Discord User Object: https://discord.com/developers/docs/resources/user#user-object-user-structure type DiscordUser struct { - Id string `json:"id"` - Username string `json:"username"` - Discriminator string `json:"discriminator"` - GlobalName string `json:"global_name"` - Email string `json:"email"` - Verified bool `json:"verified"` + Id string `json:"id"` + Username string `json:"username"` + Discriminator string `json:"discriminator"` + GlobalName string `json:"global_name"` + Email string `json:"email"` + Verified bool `json:"verified"` + PreparedUsername string } -// PrepareUserData copies the Username to PreparedUsername. If the Discriminator is present that is -// appended to the Username in the format "Username#Discriminator" to match the old format of Discord usernames +// PrepareUserData copies the Username to PreparedUsername. +// If the provider is configured to use IDs, the ID is copied to PreparedUsername. +// If the Discriminator is present that is appended to the Username in the format "Username#Discriminator" +// to match the old format of Discord usernames // Previous format which is being phased out: https://support.discord.com/hc/en-us/articles/4407571667351-Law-Enforcement-Guidelines Subheading "How to find usernames and discriminators" // Details about the new username requirements: https://support.discord.com/hc/en-us/articles/12620128861463 func (u *DiscordUser) PrepareUserData() { + if cfg.GenOAuth.DiscordUseIDs { + u.PreparedUsername = u.Id + return + } + u.PreparedUsername = u.Username if u.Discriminator != "0" { u.PreparedUsername = fmt.Sprintf("%s#%s", u.Username, u.Discriminator) From 6bacd9e53e2f46a33edf47fb5dda64c746441b04 Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Sun, 24 Mar 2024 13:38:28 -0700 Subject: [PATCH 11/13] Remove unused provider prop --- pkg/providers/discord/discord.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
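Review bot: With `DiscordUseIDs` false by default, `PrepareUserData` keeps handing the whitelist a username, which the account holder chooses and can change, whereas `u.Id` is fixed for the account; a name that is later released could be taken by someone else and would then satisfy the same `whiteList` entry. For an access-control decision I would make the ID the documented recommendation, and say so in the doc comment here and on the `DiscordUseIDs` field commented in PATCH 13, for example `// Usernames can change hands; prefer discord_use_ids for access control.` An empty `u.Id`, for instance after an error payload, should also be rejected rather than copied into `PreparedUsername`.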
diff --git a/pkg/providers/discord/discord.go b/pkg/providers/discord/discord.go index fb2d1089..82d12a73 100644 --- a/pkg/providers/discord/discord.go +++ b/pkg/providers/discord/discord.go @@ -25,9 +25,7 @@ import ( ) // Provider provider specific functions -type Provider struct { - UseSecureIDs bool -} +type Provider struct{} var log *zap.SugaredLogger From d30df4ffc825be9d48f5c5fcd21da73d9fa7b4c9 Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Sun, 24 Mar 2024 13:43:42 -0700 Subject: [PATCH 12/13] Use example discord user ID instead of my actual user ID --- config/config.yml_example_discord | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/config.yml_example_discord b/config/config.yml_example_discord index 3323d5a9..6a197b45 100644 --- a/config/config.yml_example_discord +++ b/config/config.yml_example_discord @@ -14,7 +14,7 @@ vouch: - LoganInTech#1203 # If discord_use_ids is set to true, you must use the user's ID - - 81255545020878848 + - 12345678901234567 cookie: # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com) From 2e8f4cfed630d7fcbe757a6812fbb408daef4f66 Mon Sep 17 00:00:00 2001 From: Logan Saso Date: Sun, 24 Mar 2024 13:48:34 -0700 Subject: [PATCH 13/13] Comments --- pkg/cfg/oauth.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/cfg/oauth.go b/pkg/cfg/oauth.go index 3992f891..73a96eeb 100644 --- a/pkg/cfg/oauth.go +++ b/pkg/cfg/oauth.go 
@@ -85,7 +85,9 @@ type oauthConfig struct { PreferredDomain string `mapstructure:"preferredDomain"` AzureToken string `mapstructure:"azure_token" envconfig:"azure_token"` CodeChallengeMethod string `mapstructure:"code_challenge_method" envconfig:"code_challenge_method"` - DiscordUseIDs bool `mapstructure:"discord_use_ids" envconfig:"discord_use_ids"` + // DiscordUseIDs defaults to false, maintaining the more common username checking behavior + // If set to true, match the Discord user's ID instead of their username + DiscordUseIDs bool `mapstructure:"discord_use_ids" envconfig:"discord_use_ids"` } type oauthClaimsConfig struct {