I have configured ood to authenticate users with OpenID Connect. When a user logs in (or perhaps when their PUN server is started), I would like to be able to:
- Run an arbitrary initialization script
- Access claims returned by the OpenID Connect Identity Provider
Is there some sort of hook that would allow me to run an arbitrary script when a user logs on? Is the data returned when a user is authenticated available to me somewhere? Is there some other solution that will help me achieve my two goals?
I’ve looked through the nginx stage configuration, but did not see anything that would help me. I also know that it is possible to setup a script that maps remote authenticated usernames to local usernames. So, in theory, this script could perform actions other than mapping usernames, but that seems like an abuse of the trigger and it also gets triggered on every HTTP request sent to the OnDemand portal, not just when a user authenticates.
As for accessing claims, it seems to imply in the examples of “Setup User Mapping” that you should be able to access a claim like preferred_username via the environment variable “OIDC_CLAIM_preferred_username”. Is this a valid approach and is there more documentation on getting claims from environment variables somewhere?
nginx stage configuration: https://osc.github.io/ood-documentation/master/infrastructure/nginx-stage/configuration.html
user mapping: https://osc.github.io/ood-documentation/master/authentication/overview/map-user.html
Thanks in advance.