feat(ops/keycloak): use preferred_username claim from Bornhack IdP

Since https://github.com/bornhack/bornhack-website/pull/1838, users can set their preferred username there, so it can be correctly propagated to Keycloak. Change-Id: If492d4b92b420c07b9e1450883ccb30a18802a42 Reviewed-on: https://cl.snix.dev/c/snix/+/30424 Tested-by: besadii Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com> Autosubmit: Florian Klink <flokli@flokli.de>
2025-05-04 15:42:22 +03:00 · 2025-05-04 15:42:22 +03:00 · b04011dd53
commit b04011dd53
parent 759f15390c
1 changed files with 14 additions and 13 deletions
--- a/ops/keycloak/identity_providers.tf
+++ b/ops/keycloak/identity_providers.tf
@ -70,18 +70,19 @@ resource "keycloak_oidc_identity_provider" "bornhack" {
  }
 }

-# Bornhack uses a uuid as `sub`, and has an additional `nickname` claim, which we use.
-# Normally, we'd simply import this as the username, but for now we cannot, due to
+# Bornhack uses a uuid as `sub`, and has an additional `preferred_username` claim,
+# which we use.
+# See https://bornhack.dk/profile/oidc/?scopes=profile for an overview.
 # https://github.com/bornhack/bornhack-website/issues/1837
-# resource "keycloak_custom_identity_provider_mapper" "bornhack_nickname" {
-#   realm = keycloak_realm.snix.id
-#   name = "bornhack_nickname"
-#   identity_provider_alias = keycloak_oidc_identity_provider.bornhack.alias
-#   identity_provider_mapper = "oidc-user-attribute-idp-mapper"
+resource "keycloak_custom_identity_provider_mapper" "bornhack_nickname" {
+  realm = keycloak_realm.snix.id
+  name = "bornhack_preferred_username"
+  identity_provider_alias = keycloak_oidc_identity_provider.bornhack.alias
+  identity_provider_mapper = "oidc-user-attribute-idp-mapper"

-#   extra_config = {
-#     syncMode = "INHERIT"
-#     claim = "nickname"
-#     "user.attribute" = "username"
-#   }
-# }
+  extra_config = {
+    syncMode = "INHERIT"
+    claim = "preferred_username"
+    "user.attribute" = "username"
+  }
+}