Last active
May 17, 2020 17:17
-
-
Save janakamarasena/82cb4e353e409a10bed18cdf11fa76d0 to your computer and use it in GitHub Desktop.
Blog - complete account linking script combining scenario 1(advance) and scenario 2 scripts.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var onLoginRequest = function onLoginRequest(context) { | |
| var isLinkRequest = false; | |
| if (context.request.params.isLinkRequest !== null) { | |
| // Get the isLinkRequest param value from the request | |
| isLinkRequest = context.request.params.isLinkRequest[0]; | |
| } | |
| var fedIdp; | |
| if (isLinkRequest == "true") { | |
| // If it is an account linking request then | |
| // get the federated Idp name | |
| fedIdp = context.request.params.fedIdp[0]; | |
| } | |
| var localUser; | |
| var fedUser; | |
| executeStep(1, | |
| { | |
| onSuccess: function (context) { | |
| var idpName = context.steps[1].idp; | |
| if (idpName === "LOCAL") { | |
| // Get the local user | |
| localUser = context.currentKnownSubject; | |
| } | |
| // Only execute this flow when the user login from the google idp. | |
| // If you want to target all your idps you can use something like | |
| // idpName !== "LOCAL" | |
| if (idpName === "google") { | |
| fedUser = context.currentKnownSubject; | |
| // Check is there is already a user association | |
| var assocUser = getAssociatedLocalUser(fedUser); | |
| if (assocUser == null) { | |
| var claimMap = {}; | |
| claimMap["http://wso2.org/claims/emailaddress"] = fedUser.remoteClaims.email; | |
| // getUniqueUserWithClaimValues(<claims to match the user>, <tenant domain>) | |
| var storedLocalUser = getUniqueUserWithClaimValues(claimMap, "carbon.super"); | |
| if (storedLocalUser !== null) { | |
| // Prompt a screen showing info on the user association | |
| prompt("associationConsentForm", { "email": fedUser.remoteClaims.email }, { | |
| onSuccess: function (context) { | |
| // Get the user decision to associate from the prompt | |
| var decision = context.request.params.decision[0]; | |
| if (decision === "yes") { | |
| // Perform basic authenticaion to confirm account ownership | |
| executeStep(3, | |
| { | |
| onSuccess: function (context) { | |
| // Get the authenticated user from basic authentication step | |
| var authUser = context.steps[3].subject; | |
| // Do the account linking | |
| doAssociationWithLocalUser(fedUser, authUser.username, authUser.tenantDomain, authUser.userStoreDomain); | |
| } | |
| }); | |
| } | |
| } | |
| }); | |
| } | |
| } | |
| } | |
| } | |
| }); | |
| // Check whether this authentication request is to trigger | |
| // the user linking flow | |
| if (isLinkRequest == "true") { | |
| executeStep(2, | |
| { | |
| authenticationOptions: [ | |
| { | |
| // If there are multiple federated IDPs in step two we | |
| // point to which IDP we need to do the association with | |
| idp: fedIdp | |
| }] | |
| }, | |
| { | |
| onSuccess: function (context) { | |
| // Get the federated user | |
| var fedUser = context.steps[2].subject; | |
| // Link the federated user with the local user | |
| doAssociationWithLocalUser(fedUser, localUser.username, localUser.tenantDomain, localUser.userStoreDomain); | |
| // This is optional. If there are any claims comming from the federated user | |
| // you can add them to the local user | |
| localUser.localClaims["http://wso2.org/claims/gtalk"] = fedUser.remoteClaims.email; | |
| } | |
| }); | |
| } | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment