From fb106b7fa6bd0ad2920672949a68d1b30828aaa0 Mon Sep 17 00:00:00 2001
From: Giuseppe Lo Presti
Date: Wed, 20 Apr 2022 15:30:50 +0200
Subject: [PATCH] Do not fail when uid/gid are missing
---
 pkg/auth/manager/oidc/oidc.go | 15 +++++---------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/pkg/auth/manager/oidc/oidc.go b/pkg/auth/manager/oidc/oidc.go
index c0cd2748314..0552309de93 100644
--- a/pkg/auth/manager/oidc/oidc.go
+++ b/pkg/auth/manager/oidc/oidc.go
@@ -198,16 +198,11 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 if claims["email"] == nil {
 return nil, nil, fmt.Errorf("no \"email\" attribute found in userinfo: maybe the client did not request the oidc \"email\"-scope")
 }
- if uid, ok := claims[am.c.UIDClaim].(float64); ok {
- claims[am.c.UIDClaim] = int64(uid)
- } else {
- return nil, nil, fmt.Errorf("malformed or missing uid claim in userinfo: '%v'", claims[am.c.UIDClaim])
- }
- if gid, ok := claims[am.c.GIDClaim].(float64); ok {
- claims[am.c.GIDClaim] = int64(gid)
- } else {
- return nil, nil, fmt.Errorf("malformed or missing gid claim in userinfo: '%v'", claims[am.c.GIDClaim])
- }
+
+ uid, _ := claims[am.c.UIDClaim].(float64)
+ claims[am.c.UIDClaim] = int64(uid) // in case the uid claim is missing, resolveUser() should populate it
+ gid, _ := claims[am.c.GIDClaim].(float64)
+ claims[am.c.GIDClaim] = int64(gid)
 err = am.resolveUser(ctx, claims)
 if err != nil {
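Review bot: Discarding the `ok` result of both type assertions means a uid or gid claim that is present but not a JSON number (a string, say) is now written back as `int64(0)` exactly like a missing one, and 0 is the root uid/gid wherever these values end up as POSIX ids. The inline comment relies on resolveUser() to populate the value, but its body is outside this hunk, so whether it overwrites an existing 0 or only fills absent keys cannot be confirmed here. I would keep the error for a claim that is present but malformed and default only the absent case, as below, and after `am.resolveUser(ctx, claims)` check that both ids were actually resolved before the user is built. Authenticate starts and ends outside the hunk.

```go
// … unchanged: "email" claim check …

// An absent claim is left for resolveUser() to fill in; a claim that is
// present but not numeric is still rejected instead of silently becoming 0.
var uid, gid float64
if v, found := claims[am.c.UIDClaim]; found {
	var ok bool
	if uid, ok = v.(float64); !ok {
		return nil, nil, fmt.Errorf("malformed uid claim in userinfo: '%v'", v)
	}
}
claims[am.c.UIDClaim] = int64(uid)
if v, found := claims[am.c.GIDClaim]; found {
	var ok bool
	if gid, ok = v.(float64); !ok {
		return nil, nil, fmt.Errorf("malformed gid claim in userinfo: '%v'", v)
	}
}
claims[am.c.GIDClaim] = int64(gid)

// … unchanged: am.resolveUser(ctx, claims) call and its error check …
```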