From b04011dd53abe74b6d42e0c1e2c451ac8233bc12 Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Sun, 4 May 2025 15:42:22 +0300
Subject: [PATCH] feat(ops/keycloak): use preferred_username claim from Bornhack IdP
Since https://github.com/bornhack/bornhack-website/pull/1838, users can set their preferred username there, so it can be correctly propagated to Keycloak.
Change-Id: If492d4b92b420c07b9e1450883ccb30a18802a42
Reviewed-on: https://cl.snix.dev/c/snix/+/30424
Tested-by: besadii
Reviewed-by: Ilan Joselevich
Autosubmit: Florian Klink
---
 ops/keycloak/identity_providers.tf | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/ops/keycloak/identity_providers.tf b/ops/keycloak/identity_providers.tf
index 418476d8e..c528acd16 100644
--- a/ops/keycloak/identity_providers.tf
+++ b/ops/keycloak/identity_providers.tf
@@ -70,18 +70,19 @@ resource "keycloak_oidc_identity_provider" "bornhack" {
 }
 }
-# Bornhack uses a uuid as `sub`, and has an additional `nickname` claim, which we use.
-# Normally, we'd simply import this as the username, but for now we cannot, due to
+# Bornhack uses a uuid as `sub`, and has an additional `preferred_username` claim,
+# which we use.
+# See https://bornhack.dk/profile/oidc/?scopes=profile for an overview.
 # https://github.com/bornhack/bornhack-website/issues/1837
-# resource "keycloak_custom_identity_provider_mapper" "bornhack_nickname" {
-# realm = keycloak_realm.snix.id
-# name = "bornhack_nickname"
-# identity_provider_alias = keycloak_oidc_identity_provider.bornhack.alias
-# identity_provider_mapper = "oidc-user-attribute-idp-mapper"
+resource "keycloak_custom_identity_provider_mapper" "bornhack_nickname" {
+ realm = keycloak_realm.snix.id
+ name = "bornhack_preferred_username"
+ identity_provider_alias = keycloak_oidc_identity_provider.bornhack.alias
+ identity_provider_mapper = "oidc-user-attribute-idp-mapper"
-# extra_config = {
-# syncMode = "INHERIT"
-# claim = "nickname"
-# "user.attribute" = "username"
-# }
-# }
+ extra_config = {
+ syncMode = "INHERIT"
+ claim = "preferred_username"
+ "user.attribute" = "username"
+ }
+}
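Review bot: The `claim = "preferred_username"` to `"user.attribute" = "username"` mapping makes the Keycloak username a value that, per the commit message, each Bornhack user chooses for themselves, and nothing in this hunk namespaces or constrains it. Whether such a login can collide with, or be linked to, an existing realm account of the same name depends on the first-broker-login flow and sync mode set on `keycloak_oidc_identity_provider.bornhack`, which is declared above this hunk and not visible here. It is worth confirming that the flow requires verification before linking, and that any relying service authorizes on `sub` rather than on the username, then recording it next to the mapper, e.g. `# username is user-chosen at the IdP; uniqueness and account linking are enforced by the first broker login flow`. Separately, the retained context line `# https://github.com/bornhack/bornhack-website/issues/1837` is orphaned now that the "due to" sentence is gone, and the resource address is still `bornhack_nickname` while `name` is `bornhack_preferred_username`.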