diff --git a/config-sample.ini b/config-sample.ini
index f897901639..b747cc7771 100644
--- a/config-sample.ini
+++ b/config-sample.ini
@@ -55,3 +55,16 @@ oauthClientId=
# Set the client secret for OAuth/OpenID authentication
# This is the secret of the client that will be used to verify the user's identity
oauthClientSecret=
+
+# Set the base URL for the OpenID Connect issuer
+# Default value is "https://accounts.google.com"
+issuerBaseUrl=
+
+# Set the name of the OpenID Connect issuer
+# This name will be displayed on the login (/login) interface.
+# Default value is "Google"
+issuerName=
+
+# Set the URL of the icon for the OpenID Connect issuer
+# This icon will be displayed on the login (/login) interface.
+issuerIcon=
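Review bot: The three new keys are documented, but the environment-variable overrides that config.ts gives them (`TRILIUM_ISSUER_BASE_URL`, `TRILIUM_ISSUER_NAME`, `TRILIUM_ISSUER_ICON`, each taking precedence over the ini value) are not mentioned, so an operator debugging why the ini setting is ignored has nothing to go on. Suggest a line under each key such as `# Can also be set with the TRILIUM_ISSUER_BASE_URL environment variable`. It is also worth saying for `issuerIcon` that the URL is loaded by the user's browser from the login page, so it must be reachable from the client side (and, if the app sets an image CSP, allowed by it — I cannot confirm from this page whether one is set).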
diff --git a/src/routes/login.ts b/src/routes/login.ts
index 1b2d42b250..0abd2a211f 100644
--- a/src/routes/login.ts
+++ b/src/routes/login.ts
@@ -18,6 +18,8 @@ function loginPage(req: Request, res: Response) {
wrongTotp: false,
totpEnabled: totp.isTotpEnabled(),
ssoEnabled: openID.isOpenIDEnabled(),
+ ssoName: openID.getSsoName(),
+ ssoIcon: openID.getSsoIcon(),
assetPath: assetPath,
appPath: appPath,
});
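Review bot: `ssoIcon` is an operator-configured URL that is handed straight to the template, and the login.ejs hunk in this diff is cut before the line that renders it, so I cannot see whether it goes out escaped. It should be emitted with `<%= ssoIcon %>` (escaping), not `<%-`, and ideally only inside a `src` attribute; the same applies to `ssoName`, which the visible template line already passes through `t(...)`. A brief comment here, `// ssoName/ssoIcon are admin-configured display values for the SSO button; template must escape them`, would make the contract explicit for the view author.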
diff --git a/src/services/config.ts b/src/services/config.ts
index 1d7cc9dec3..642ca32bac 100644
--- a/src/services/config.ts
+++ b/src/services/config.ts
@@ -45,6 +45,9 @@ export interface TriliumConfig {
oauthBaseUrl: string;
oauthClientId: string;
oauthClientSecret: string;
+ issuerBaseUrl: string;
+ issuerName: string;
+ issuerIcon: string;
};
}
@@ -119,7 +122,16 @@ const config: TriliumConfig = {
process.env.TRILIUM_OAUTH_CLIENT_ID || iniConfig?.MultiFactorAuthentication?.oauthClientId || "",
oauthClientSecret:
- process.env.TRILIUM_OAUTH_CLIENT_SECRET || iniConfig?.MultiFactorAuthentication?.oauthClientSecret || ""
+ process.env.TRILIUM_OAUTH_CLIENT_SECRET || iniConfig?.MultiFactorAuthentication?.oauthClientSecret || "",
+
+ issuerBaseUrl:
+ process.env.TRILIUM_ISSUER_BASE_URL || iniConfig?.MultiFactorAuthentication?.issuerBaseUrl || "https://accounts.google.com",
+
+ issuerName:
+ process.env.TRILIUM_ISSUER_NAME || iniConfig?.MultiFactorAuthentication?.issuerName || "Google",
+
+ issuerIcon:
+ process.env.TRILIUM_ISSUER_ICON || iniConfig?.MultiFactorAuthentication?.issuerIcon || ""
}
};
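Review bot: `issuerBaseUrl` on the new line becomes the trust root for every ID token the application accepts, yet the value from the environment or ini file is passed through unvalidated — a missing scheme, a trailing path, or an `http://` issuer would only surface at discovery time, and the last would carry the client secret and tokens over cleartext. A cheap load-time check before it reaches `issuerBaseURL` in `generateOAuthConfig` (the open_id.ts hunk at -105) would catch that early, e.g. `const issuer = new URL(value); if (issuer.protocol !== "https:") throw new Error("issuerBaseUrl must be an https URL");`. Whether express-openid-connect already enforces https on `issuerBaseURL` I cannot confirm from this page, so the local check is insurance rather than duplication. Note also that the `||` chain treats an empty ini value (as in the shipped config-sample) as "use Google", which matches the sample's comment but should be stated in a comment here as well.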
diff --git a/src/services/open_id.ts b/src/services/open_id.ts
index e45ed65997..7cbc1c02e7 100644
--- a/src/services/open_id.ts
+++ b/src/services/open_id.ts
@@ -89,6 +89,14 @@ function isTokenValid(req: Request, res: Response, next: NextFunction) {
}
}
+function getSsoName() {
+ return config.MultiFactorAuthentication.issuerName
+}
+
+function getSsoIcon() {
+ return config.MultiFactorAuthentication.issuerIcon
+}
+
function generateOAuthConfig() {
const authRoutes = {
callback: "/callback",
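Review bot: `getSsoName` and `getSsoIcon` drop the trailing semicolons the rest of this file uses and carry no return type annotation, so the config field type is leaked implicitly rather than stated. Suggest `function getSsoName(): string { return config.MultiFactorAuthentication.issuerName; }` and the same shape for `getSsoIcon`. A one-line TSDoc on each, `/** Admin-configured display name (or icon URL) for the SSO button on /login. */`, would tell the view author where these values come from.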
@@ -105,7 +113,7 @@ function generateOAuthConfig() {
auth0Logout: false,
baseURL: config.MultiFactorAuthentication.oauthBaseUrl,
clientID: config.MultiFactorAuthentication.oauthClientId,
- issuerBaseURL: "https://accounts.google.com",
+ issuerBaseURL: config.MultiFactorAuthentication.issuerBaseUrl,
secret: config.MultiFactorAuthentication.oauthClientSecret,
clientSecret: config.MultiFactorAuthentication.oauthClientSecret,
authorizationParams: {
@@ -128,8 +136,9 @@ function generateOAuthConfig() {
openIDEncryption.saveUser(
req.oidc.user.sub.toString(),
- req.oidc.user.name.toString(),
- req.oidc.user.email.toString()
+ // The claims of the ID token do not include name and email by default.
+ req.oidc.user.name?.toString() || "none",
+ req.oidc.user.email?.toString() || "none"
);
req.session.loggedIn = true;
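Review bot: The `|| "none"` fallback on the two new lines persists a literal sentinel string whenever the ID token lacks `name` or `email`, which makes a missing claim indistinguishable from a user whose name really is "none" and, if `email` is ever used for lookup or comparison, collapses every such user into one identity. Prefer persisting the absence (`?? ""` or `undefined`, whichever `saveUser` accepts — its signature is not on this page) or, since the new comment already notes the claims are absent by default, request them through the `scope` in `authorizationParams`; that block begins at the end of the previous hunk and its contents are outside this chunk. `generateOAuthConfig` starts and ends outside this hunk.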
@@ -148,6 +157,8 @@ export default {
generateOAuthConfig,
getOAuthStatus,
isOpenIDEnabled,
+ getSsoName,
+ getSsoIcon,
clearSavedUser,
isTokenValid,
isUserSaved,
diff --git a/src/views/login.ejs b/src/views/login.ejs
index d013b1b156..831da442cf 100644
--- a/src/views/login.ejs
+++ b/src/views/login.ejs
@@ -26,8 +26,8 @@
<% if (ssoEnabled) { %>
-
- <%= t("login.sign_in_with_google") %>
+
+ <%= t("login.sign_in_with_sso", { ssoName }) %>
<% } else { %>