OIDC: Retrieve promotion from OIDC claims

auth_oidc.go

@@ -105,15 +105,17 @@ func OIDC_CRI_complete(c *gin.Context) {
 	}
 
 	var claims struct {
-		Firstname string                   `json:"given_name"`
-		Lastname  string                   `json:"family_name"`
-		Nickname  string                   `json:"nickname"`
-		Username  string                   `json:"preferred_username"`
-		Email     string                   `json:"email"`
-		Groups    []map[string]interface{} `json:"groups"`
+		Firstname       string                   `json:"given_name"`
+		Lastname        string                   `json:"family_name"`
+		Username        string                   `json:"preferred_username"`
+		Email           string                   `json:"email"`
+		Groups          []map[string]interface{} `json:"groups"`
+		Campuses        []string                 `json:"campuses"`
+		GraduationYears []uint                   `json:"graduation_years"`
 	}
 	if err := idToken.Claims(&claims); err != nil {
-		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
+		log.Println("Unable to extract claims to Claims:", err.Error())
+		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Something goes wrong when analyzing your claims. Contact administrator to fix the issue."})
 		return
 	}
 
@@ -124,7 +126,16 @@ func OIDC_CRI_complete(c *gin.Context) {
 		}
 	}
 
-	if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, groups, session); err != nil {
+	var promo uint
+	if len(claims.GraduationYears) > 0 {
+		for _, gy := range claims.GraduationYears {
+			if gy > promo {
+				promo = gy
+			}
+		}
+	}
+
+	if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, session); err != nil {
 		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
 		return
 	}