fix: Fixes custom claims

salehkhazaei · Nov 22, 2024 · 3101cd5 · 3101cd5
1 parent 079a2ad
commit 3101cd5
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
@@ -187,7 +187,7 @@ jobs:
       - name: Generate build provenance attestation
         uses: actions/attest-build-provenance@210c1913531870065f03ce1f9440dd87bc0938cd # v1.4.0
         with:
-          subject-name: ghcr.io/dexidp/dex
+          subject-name: ghcr.io/salehkhazaei/dex
           subject-digest: ${{ steps.build.outputs.digest }}
           push-to-registry: true
         if: inputs.publish

diff --git a/server/oauth2.go b/server/oauth2.go
@@ -464,8 +464,6 @@ func (s *Server) newIDToken(ctx context.Context, clientID string, claims storage
 		}
 	}
 
-	tok.CustomClaims = s.customClaims
-
 	tok.Audience = getAudience(clientID, scopes)
 	if len(tok.Audience) > 1 {
 		// The current client becomes the authorizing party.
@@ -478,6 +476,7 @@ func (s *Server) newIDToken(ctx context.Context, clientID string, claims storage
 		"sanitizeBucketName": sanitizeBucketName,
 	}
 
+	tok.CustomClaims = map[string]string{}
 	for k, templateText := range s.customClaims {
 		tmpl, err := template.New("custom_claims").Funcs(funcMap).Parse(templateText)
 		if err != nil {
@@ -487,7 +486,11 @@ func (s *Server) newIDToken(ctx context.Context, clientID string, claims storage
 		b := strings.Builder{}
 		tmpl.Execute(&b, tok)
 
-		tok.CustomClaims[k] = b.String()
+		if k == "preferred_username" {
+			tok.PreferredUsername = b.String()
+		} else {
+			tok.CustomClaims[k] = b.String()
+		}
 	}
 
 	payload, err := json.Marshal(tok)