Adjust email extraction to latest changes (ref #55)

doorman/jwt_auth0_mozilla.go

@@ -9,10 +9,11 @@ import (
 
 // MozillaClaims uses specific attributes for emails and groups
 type MozillaClaims struct {
-	Subject  string       `json:"sub,omitempty"`
-	Audience jwt.Audience `json:"aud,omitempty"`
-	Emails   []string     `json:"https://sso.mozilla.com/claim/emails,omitempty"`
-	Groups   []string     `json:"https://sso.mozilla.com/claim/groups,omitempty"`
+	Subject  string       `json:"sub"`
+	Audience jwt.Audience `json:"aud"`
+	Email    string       `json:"email"`
+	Emails   []string     `json:"https://sso.mozilla.com/claim/emails"`
+	Groups   []string     `json:"https://sso.mozilla.com/claim/groups"`
 }
 
 // MozillaAuth0Validator is the implementation of JWTValidator for Auth0.
@@ -39,10 +40,17 @@ func (v *MozillaAuth0Validator) ExtractClaims(request *http.Request) (*Claims, e
 	if err != nil {
 		return nil, err
 	}
+
+	// In case the JWT was not requested with the profile or email scope.
+	email := mozclaims.Email
+	if email == "" && len(mozclaims.Emails) > 0 {
+		email = mozclaims.Emails[0]
+	}
+
 	claims := Claims{
 		Subject:  mozclaims.Subject,
 		Audience: mozclaims.Audience,
-		Email:    mozclaims.Emails[0],
+		Email:    email,
 		Groups:   mozclaims.Groups,
 	}
 	return &claims, nil

doorman/jwt_auth0_mozilla_test.go

@@ -33,4 +33,11 @@ func TestMozillaAuth0ExtractClaims(t *testing.T) {
 	assert.Contains(t, claims.Subject, "|Mozilla-LDAP|")
 	assert.Contains(t, claims.Email, "@mozilla.com")
 	assert.Contains(t, claims.Groups, "cloudservices_dev", "irccloud")
+
+	// Email provided in `email` field instead of https://sso.../emails list
+	r, _ = http.NewRequest("GET", "/", nil)
+	r.Header.Set("Authorization", "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1rWkRORGN5UmtOR1JURkROamxCTmpaRk9FSkJOMFpCTnpKQlFUTkVNRGhDTUVFd05rRkdPQSJ9.eyJuYW1lIjoiTWF0aGlldSBMZXBsYXRyZSIsImdpdmVuX25hbWUiOiJNYXRoaWV1IiwiZmFtaWx5X25hbWUiOiJMZXBsYXRyZSIsIm5pY2tuYW1lIjoiTWF0aGlldSBMZXBsYXRyZSIsInBpY3R1cmUiOiJodHRwczovL3MuZ3JhdmF0YXIuY29tL2F2YXRhci85NzE5N2YwMTFhM2Q5ZDQ5NGFlODEzNTY2ZjI0Njc5YT9zPTQ4MCZyPXBnJmQ9aHR0cHMlM0ElMkYlMkZjZG4uYXV0aDAuY29tJTJGYXZhdGFycyUyRm1sLnBuZyIsInVwZGF0ZWRfYXQiOiIyMDE3LTEyLTEzVDIzOjE0OjQ0LjUzOVoiLCJlbWFpbCI6Im1sZXBsYXRyZUBtb3ppbGxhLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc3MiOiJodHRwczovL2F1dGgubW96aWxsYS5hdXRoMC5jb20vIiwic3ViIjoiYWR8TW96aWxsYS1MREFQfG1sZXBsYXRyZSIsImF1ZCI6IlNMb2NmN1NhMWliZDVHTkpNTXFPNTM5ZzdjS3ZXQk9JIiwiZXhwIjoxNTEzODExNjg0LCJpYXQiOjE1MTMyMDY4ODQsIm5vbmNlIjoickhOSXF5bGM3SE54MmFhNjktay1SbVA1Y3VqVWNudUkiLCJhdF9oYXNoIjoiZllPZzB6elNHSk1ZWlZTNFRsLXV3dyIsImh0dHBzOi8vc3NvLm1vemlsbGEuY29tL2NsYWltL2dyb3VwcyI6WyJJbnRyYW5ldFdpa2kiLCJTdGF0c0Rhc2hib2FyZCIsInBob25lYm9va19hY2Nlc3MiLCJjb3JwLXZwbiIsInZwbl9jb3JwIiwidnBuX2RlZmF1bHQiLCJDbG91ZHNlcnZpY2VzV2lraSIsInRlYW1fbW9jbyIsImlyY2Nsb3VkIiwib2t0YV9tZmEiLCJjbG91ZHNlcnZpY2VzX2RldiIsInZwbl9raW50bzFfc3RhZ2UiLCJ2cG5fa2ludG8xX3Byb2QiLCJlZ2VuY2lhX2RlIiwiYWN0aXZlX3NjbV9sZXZlbF8xIiwiYWxsX3NjbV9sZXZlbF8xIiwic2VydmljZV9zYWZhcmlib29rcyIsImV2ZXJ5b25lIl0sImh0dHBzOi8vc3NvLm1vemlsbGEuY29tL2NsYWltL1JFQURNRV9GSVJTVCI6IlBsZWFzZSByZWZlciB0byBodHRwczovL2dpdGh1Yi5jb20vbW96aWxsYS1pYW0vcGVyc29uLWFwaSBpbiBvcmRlciB0byBxdWVyeSBNb3ppbGxhIElBTSBDSVMgdXNlciBwcm9maWxlIGRhdGEifQ.EnF3oPHm90ZXnJ4egJqr-4eTaHMw-16beuZlvC66UsIehX7nBooP4VRfMW7KLwOHEnVVGV8jlxgn5p3Dnv1V_W6Yx4PLw7loeKrfhnEKw9onaH3frR_Vo0Y0-MgH4VnCbTwtGHsAfl32j2EoDljXYCqPhYCXD4H25o51lemAoKU3xWamF629FjooyhFTZPVI6JzKkOt39dQjALtXL9EVYRk0ameohHzOT0ZHA57H83FTrPmY_Jy5MWxv1aswcbzcENU1HsFEEkxkRCnGiosxYkStmDo957OQ0IXgNxdNe4VVXzuy5YiNmsjN-IF4tOADLFK5KnLHi4OBOGYiiRiJcQ")
+	claims, err = validator.ExtractClaims(r)
+	require.Nil(t, err)
+	assert.Contains(t, claims.Email, "@mozilla.com")
 }

examples/python/ui/main.js

@@ -3,7 +3,7 @@ const SERVICE_URL = 'http://localhost:8000'
 const AUTH0_CLIENT_ID = 'SLocf7Sa1ibd5GNJMMqO539g7cKvWBOI';
 const AUTH0_DOMAIN = 'auth.mozilla.auth0.com';
 const AUTH0_CALLBACK_URL = window.location.href;
-const SCOPES = 'openid profile';
+const SCOPES = 'openid profile email';
 
 
 document.addEventListener('DOMContentLoaded', main);