update SecurityConfig added first- and lastname claim to be mandatory

src/main/java/de/avatic/lcc/config/SecurityConfig.java

@@ -74,6 +74,12 @@ public class SecurityConfig {
     @Value("${lcc.auth.claim.email}")
     private String emailClaim;
 
+    @Value("${lcc.auth.claim.firstname}")
+    private String firstnameClaim;
+
+    @Value("${lcc.auth.claim.lastname}")
+    private String lastNameClaim;
+
     @Value("${lcc.auth.claim.ignore.workday}")
     private boolean ignoreWorkdayClaim;
 
@@ -93,6 +99,7 @@ public class SecurityConfig {
                         .anyRequest().authenticated()
                 )
                 .oauth2Login(oauth2 -> oauth2
+
                         .defaultSuccessUrl("/", true)
                 )
                 .oauth2ResourceServer(oauth2 -> oauth2
@@ -272,29 +279,33 @@ public class SecurityConfig {
             String workdayId = oidcUser.getAttribute(workdayClaim);
             String email = oidcUser.getAttribute(emailClaim);
 
+            String firstName = oidcUser.getAttribute(firstnameClaim);
+            String lastName = oidcUser.getAttribute(lastNameClaim);
+
 
             if (identifyBy.equals("email") && email != null && !email.isEmpty()) {
                 log.debug("Fetch user by email {}", email);
                 user = userRepository.getByEmail(email);
-
             } else if (identifyBy.equals("workday") && workdayId != null && !workdayId.isEmpty()) {
                 log.debug("Fetch user by workday id {}", workdayId);
                 user = userRepository.getByWorkdayId(workdayId).orElse(null);
             }
 
             if (user != null) {
+                user.getGroups().forEach(g -> log.debug("Local group: {}", g));
                 user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
                 userId = user.getId();
-            }
-
-            if (user == null && email != null && (ignoreWorkdayClaim || workdayId != null)) {
+            } else {
+                if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) {
                     var isFirstUser = userRepository.count() == 0;
-                userId = userRepository.update(LccOidcUser.createDatabaseUser(email, oidcUser.getGivenName(), oidcUser.getFamilyName(), ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser));
+                    userId = userRepository.update(LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser));
                     mappedAuthorities.add(new SimpleGrantedAuthority(isFirstUser ? "ROLE_SERVICE" : "ROLE_NONE"));
                 } else {
                     log.debug("Unable to create user {} / {}", email, workdayId);
                     mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE"));
                 }
+            }
+
 
 
             return new LccOidcUser(
@@ -305,8 +316,6 @@ public class SecurityConfig {
                     userId
             );
         };
-
-
     }
 
     private String generateRandomWorkdayId() {

src/main/resources/application.properties

@@ -29,6 +29,9 @@ lcc.allowed_oauth_token_cors=*
 lcc.auth.identify.by=workday
 lcc.auth.claim.workday=employeeid
 lcc.auth.claim.email=preferred_username
+lcc.auth.claim.firstname=given_name
+lcc.auth.claim.lastname=family_name
+
 lcc.auth.claim.ignore.workday=false
 
 # Bulk Import