From f302f60b36b169eda2f9a3b165cb4e8e9bc3910b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Robles?=
Date: Fri, 27 Sep 2024 15:17:17 -0500
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9E=20no=20way=20to=20use=20different?= =?UTF-8?q?=20source=5Fclaim=20in=20each=20of=20oidc=20providers=20(#359)?= =?UTF-8?q?=20(#360)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Parent issue: https://github.com/sequentech/meta/issues/768
---
 iam/authmethods/m_openidconnect.py | 2 +-
 iam/authmethods/utils.py | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/iam/authmethods/m_openidconnect.py b/iam/authmethods/m_openidconnect.py
index b99fc8b2..7c03cf79 100644
--- a/iam/authmethods/m_openidconnect.py
+++ b/iam/authmethods/m_openidconnect.py
@@ -535,7 +535,7 @@ def authenticate(self, auth_event, request, mode='authenticate'):
 # once we have verified id_token_dict, then we can populate req with
 # data from the verified claims contained in id_token_dict
- req = populate_fields_from_source_claims(req, id_token_dict, auth_event)
+ req = populate_fields_from_source_claims(req, id_token_dict, auth_event, provider_id)
 LOGGER.debug( f"populated request is {req}\n" )
diff --git a/iam/authmethods/utils.py b/iam/authmethods/utils.py
index 3a3f0ae1..fe0ffa3e 100644
--- a/iam/authmethods/utils.py
+++ b/iam/authmethods/utils.py
@@ -1732,7 +1732,7 @@ def get_base_auth_query(auth_event, ignore_generated_code=False):
 )
 return q
-def populate_fields_from_source_claims(req, id_token_dict, auth_event):
+def populate_fields_from_source_claims(req, id_token_dict, auth_event, provider_id):
 ''' once verified id_token_dict, this function populates req with data from the verified claims contained in id_token_dict
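Review bot: In `authenticate` (iam/authmethods/m_openidconnect.py), `provider_id` now decides which claim of the verified token is copied into `req`, but the hunk does not show where that value is assigned. It should be the identifier of the provider whose configuration was used to verify `id_token_dict`, not an independent value taken from the request; otherwise a token verified for one provider could be mapped with another provider's claim name. If that binding is already enforced earlier in the function, a short comment at the call such as `# provider_id: the provider id_token_dict was verified against` would make it checkable in review. The body of `authenticate` starts and continues outside the hunk.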
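Review bot: The new `provider_id` parameter of `populate_fields_from_source_claims` (iam/authmethods/utils.py) is required and positional, so any caller other than the one updated in m_openidconnect.py would now fail with `TypeError`. Declaring it as `def populate_fields_from_source_claims(req, id_token_dict, auth_event, provider_id=None):` keeps such callers working, and with a per-provider map a `None` id simply ends in the skip branch added further down. The docstring under the signature still describes only the old behaviour; it should say that `source_claim` may be either a claim name or a dict keyed by provider id, and that `provider_id` selects the entry. The function body continues outside this hunk.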
@@ -1745,6 +1745,18 @@ def populate_fields_from_source_claims(req, id_token_dict, auth_event):
 continue
 source_claim = extra_field["source_claim"]
+
+ if source_claim is None:
+ continue
+
+ # If source_claim is a dict, get the source_claim for the provider_id
+ if isinstance(source_claim, dict):
+ if provider_id in source_claim:
+ source_claim = source_claim[provider_id]
+ else:
+ # Skip if provider_id not found in source_claim map
+ continue
+
 if source_claim not in id_token_dict:
 continue
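Review bot: In the loop of `populate_fields_from_source_claims`, a field whose `source_claim` map has no entry for `provider_id` is skipped silently, so whatever `req` already holds for that field is kept, presumably the client-sent value rather than one from the verified token; whether that is acceptable depends on code outside this hunk. Consider logging the missing mapping and deciding explicitly whether a claim-sourced field may keep an unverified value. The resolved entry is also used unchecked: a map value that is `None` or a list reaches `source_claim not in id_token_dict`, where an unhashable value raises `TypeError`, and `if not isinstance(source_claim, str): continue` after the lookup would cover both cases. The `if`/`else` pair can then be reduced to `source_claim = source_claim.get(provider_id)` followed by that check. The loop header and the assignment into `req` lie outside the hunk.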