From 4e98f6ed7fab7ca7177ac9096b2826df8326fa6c Mon Sep 17 00:00:00 2001
From: Michael Robbins
Date: Sat, 28 Nov 2020 20:39:19 +1100
Subject: [PATCH] Fix OIDC claims granting admin by default (#86)

* Fix OIDC documentation Renaming userClaimsRules => claimMapping to match source code
* Updating Claim logic to add a basic 'truthy' check If the Claim has a boolean result, check that it is true If the Claim has a string result, check that it isn't empty
---
 pkg/authnz/authconfig/oidc.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/authnz/authconfig/oidc.go b/pkg/authnz/authconfig/oidc.go
index 5d95a66..40d97c3 100644
--- a/pkg/authnz/authconfig/oidc.go
+++ b/pkg/authnz/authconfig/oidc.go
@@ -117,9 +117,11 @@ func (c *OIDCConfig) callbackHandler(runtime *authruntime.ProviderRuntime, oauth
 http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
- if val, ok := result.(bool); ok {
+
+ // If result is 'false' or an empty string then don't include the Claim
+ if val, ok := result.(bool); ok && val {
 claims.Add(claimName, strconv.FormatBool(val))
- } else if val, ok := result.(string); ok {
+ } else if val, ok := result.(string); ok && len(val) > 0 {
 claims.Add(claimName, val)
 }
 }
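Review bot: The string branch `ok && len(val) > 0` still adds the claim when a mapping expression yields a non-empty but falsy-looking string, such as a whitespace-only value or the literal text "false". If downstream authorization treats the mere presence of a claim as a grant (the commit title suggests so, but that code is outside this hunk), such a rule would still grant it. Consider normalising before the test, e.g. `} else if val, ok := result.(string); ok && strings.TrimSpace(val) != "" {` (this needs `strings` in the file's imports), and decide explicitly whether the string "false" should count. The new comment could also state that results of any other type are dropped without a claim or an error, since neither branch matches them; logging the omitted claim name would make a misconfigured mapping easier to diagnose. callbackHandler starts and ends outside the hunk, so how `claims` is consumed could not be checked here.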