From f74ba1cbc3667d5de6e6e14e76d934f83728bfdf Mon Sep 17 00:00:00 2001
From: Pudong
Date: Mon, 26 Jun 2023 16:37:50 +0800
Subject: [PATCH] Add organization id in claims (#17954)

* add OrganizationId in claims.
* Update components/gitpod-protocol/go/gitpod-service.go
* fix
---
 components/gitpod-protocol/go/gitpod-service.go | 9 +++++----
 .../public-api-server/pkg/apiv1/identityprovider.go | 2 ++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/components/gitpod-protocol/go/gitpod-service.go b/components/gitpod-protocol/go/gitpod-service.go
index d0da13f94fe2f0..c3ca2e54262bec 100644
--- a/components/gitpod-protocol/go/gitpod-service.go
+++ b/components/gitpod-protocol/go/gitpod-service.go
@@ -1682,10 +1682,11 @@ type Workspace struct {
 // The source where to get the workspace base image from. This source is resolved
 // during workspace creation. Once a base image has been built the information in here
 // is superseded by baseImageNameResolved.
- ImageSource interface{} `json:"imageSource,omitempty"`
- OwnerID string `json:"ownerId,omitempty"`
- Pinned bool `json:"pinned,omitempty"`
- Shareable bool `json:"shareable,omitempty"`
+ ImageSource interface{} `json:"imageSource,omitempty"`
+ OrganizationId string `json:"organizationId,omitempty"`
+ OwnerID string `json:"ownerId,omitempty"`
+ Pinned bool `json:"pinned,omitempty"`
+ Shareable bool `json:"shareable,omitempty"`
 // Mark as deleted (user-facing). The actual deletion of the workspace content is executed
 // with a (configurable) delay
diff --git a/components/public-api-server/pkg/apiv1/identityprovider.go b/components/public-api-server/pkg/apiv1/identityprovider.go
index 1344e6abdb0b49..e45f937e7333c3 100644
--- a/components/public-api-server/pkg/apiv1/identityprovider.go
+++ b/components/public-api-server/pkg/apiv1/identityprovider.go
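Review bot: The new `OrganizationId` field is the only undocumented field in this stretch of `Workspace` and sits directly next to `OwnerID`, so the struct now mixes the `Id` and `ID` initialism styles in adjacent lines; the other hunk reads `user.OrganizationId`, so the name appears to be chosen for parity with the user type, and a comment saying so would stop the next reader from "fixing" it. I would add above the field `// OrganizationId identifies the organization the workspace is associated with; it is omitted from JSON when empty (see organizationId in the wire contract).`, which also tells consumers that a missing value decodes to "". The `Workspace` struct itself starts before this hunk.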
@@ -88,6 +88,8 @@ func (srv *IdentityProviderService) GetIDToken(ctx context.Context, req *connect
 userInfo := oidc.NewUserInfo()
 userInfo.SetName(user.Name)
 userInfo.SetSubject(subject)
+ userInfo.AppendClaims("org_id", workspace.Workspace.OrganizationId)
+
 if email != "" {
 userInfo.SetEmail(email, user.OrganizationId != "")
 }
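Review bot: `userInfo.AppendClaims("org_id", workspace.Workspace.OrganizationId)` adds the claim unconditionally, so an ID token minted for a workspace whose organization was never populated (the field is `omitempty` on the wire and decodes to "") carries an empty-string `org_id`, and a relying party that authorizes on that claim cannot tell "no organization" from a present-but-empty value. Guard it the same way the `email` claim is guarded two lines below: `if workspace.Workspace.OrganizationId != "" {` / `userInfo.AppendClaims("org_id", workspace.Workspace.OrganizationId)` / `}`. Whether `workspace.Workspace` has been nil-checked before this point is not visible in the hunk; `GetIDToken` starts earlier and `workspace`, `user`, `subject` and `email` are all assigned outside it. Since `org_id` is a non-standard claim, a one-line comment stating what token consumers may rely on it for would help, e.g. `// org_id: organization of the workspace the token was requested from; absent when the workspace has none.`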