chore: document graphFields and add cast checking

Added comment and a link to MS documentation. Added cast checking to user["id"].(string)
ory · Dec 8, 2023 · 874d9c5 · 874d9c5
1 parent b605170
commit 874d9c5
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/selfservice/strategy/oidc/provider_microsoft.go b/selfservice/strategy/oidc/provider_microsoft.go
@@ -91,7 +91,9 @@ func (m *ProviderMicrosoft) updateSubject(ctx context.Context, claims *Claims, e
 		}
 
 		client := m.reg.HTTPClient(ctx, httpx.ResilientClientWithClient(o.Client(ctx, exchange)))
-		graphFields := "accountEnabled,assignedLicenses,assignedPlans,city,country,creationType,deletionTimestamp,department,dirSyncEnabled,displayName,employeeId,facsimileTelephoneNumber,givenName,immutableId,jobTitle,lastDirSyncTime,mail,mailNickname,mobile,objectId,objectType,onPremisesSecurityIdentifier,otherMails,passwordPolicies,passwordProfile,physicalDeliveryOfficeName,postalCode,preferredLanguage,provisionedPlans,provisioningErrors,proxyAddresses,refreshTokensValidFromDateTime,showInAddressList,signInNames,sipProxyAddress,state,streetAddress,surname,telephoneNumber,thumbnailPhoto,usageLocation,userIdentities,userPrincipalName,userType"
+
+		// params to request all user fields from the graph api (User.Read scope) - https://learn.microsoft.com/en-us/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#user-entity
+		graphFields := "id,accountEnabled,assignedLicenses,assignedPlans,city,country,creationType,deletionTimestamp,department,dirSyncEnabled,displayName,employeeId,facsimileTelephoneNumber,givenName,immutableId,jobTitle,lastDirSyncTime,mail,mailNickname,mobile,objectId,objectType,onPremisesSecurityIdentifier,otherMails,passwordPolicies,passwordProfile,physicalDeliveryOfficeName,postalCode,preferredLanguage,provisionedPlans,provisioningErrors,proxyAddresses,refreshTokensValidFromDateTime,showInAddressList,signInNames,sipProxyAddress,state,streetAddress,surname,telephoneNumber,thumbnailPhoto,usageLocation,userIdentities,userPrincipalName,userType"
 		req, err := retryablehttp.NewRequest("GET", "https://graph.microsoft.com/v1.0/me?$select="+graphFields, nil)
 		if err != nil {
 			return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
@@ -112,7 +114,12 @@ func (m *ProviderMicrosoft) updateSubject(ctx context.Context, claims *Claims, e
 			return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to decode JSON from `https://graph.microsoft.com/v1.0/me`: %s", err))
 		}
 
-		claims.Subject = user["id"].(string)
+		ok := false
+		claims.Subject, ok = user["id"].(string)
+		if !ok {
+			return nil, errors.WithStack(herodot.ErrInternalServerError.WithReason("Unable to retrieve subject from response"))
+		}
+
 		claims.RawClaims["user"] = user
 	}