From 0c89a92f66123bb5eb52886440786ee85bc77bfd Mon Sep 17 00:00:00 2001
From: Vincent Wilms
Date: Sat, 25 Jan 2025 22:07:47 +0100
Subject: [PATCH] Fix OIDC identifier claim definition
---
 CHANGELOG.md | 3 +++
 src/Nexus/Core/NexusAuthExtensions.cs | 2 +-
 src/Nexus/Core/NexusOptions.cs | 5 ++---
 version.json | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eb6c275a..544016ed 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## v2.0.0-beta.45 - 2025-01-25
+- Fix OIDC identifier claim definition
+
 ## v2.0.0-beta.44 - 2025-01-23
 - Fix SimpleDataSource (Python)
diff --git a/src/Nexus/Core/NexusAuthExtensions.cs b/src/Nexus/Core/NexusAuthExtensions.cs
index e4c4882d..1091624a 100644
--- a/src/Nexus/Core/NexusAuthExtensions.cs
+++ b/src/Nexus/Core/NexusAuthExtensions.cs
@@ -138,7 +138,7 @@ public static IServiceCollection AddNexusAuth(
 var principal = context.Principal ?? throw new Exception("The principal is null. This should never happen.");
- var identifierClaim = securityOptions.OidcIdentifierClaim;
+ var identifierClaim = provider.IdentifierClaim;
 var userId = principal.FindFirstValue(identifierClaim) ?? throw new Exception($"Could not find a value for claim '{identifierClaim}' in the OIDC ticket.");
diff --git a/src/Nexus/Core/NexusOptions.cs b/src/Nexus/Core/NexusOptions.cs
index aabf2b19..0d240450 100644
--- a/src/Nexus/Core/NexusOptions.cs
+++ b/src/Nexus/Core/NexusOptions.cs
@@ -100,7 +100,8 @@ internal record OpenIdConnectProvider(
 string DisplayName,
 string Authority,
 string ClientId,
- string ClientSecret
+ string ClientSecret,
+ string IdentifierClaim = Claims.Subject
 );
 internal partial record SecurityOptions() : NexusOptionsBase
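Review bot: In NexusAuthExtensions.cs the value returned by `principal.FindFirstValue(identifierClaim)` is now unique only within one provider, because each provider can name a different claim, and the code that turns `userId` into a stored identity lies outside this hunk. If the user record is keyed by that value alone, two providers configured with different claims (for example the subject claim on one and an e-mail claim on the other) could map different people to the same `userId`; confirm the key also carries the provider scheme or issuer. A comment above the lookup would record the assumption, e.g. `// userId is unique per provider only; combine it with the scheme before using it as a key`.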
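Review bot: Deployments that still set the removed global `OidcIdentifierClaim` get no signal that it is now ignored: the new `IdentifierClaim` parameter in NexusOptions.cs defaults to `Claims.Subject`, so, assuming these records are bound from configuration, every provider silently falls back to the subject claim and existing users would be matched under different identifiers after the upgrade. The changelog entry should name the moved setting, and a startup check that rejects a leftover `OidcIdentifierClaim` key would make the break visible. The parameter also lacks documentation on which claims are safe to choose, for example `/// <param name="IdentifierClaim">Claim used as the user identifier; must be stable and never reassigned by the provider. Defaults to the subject claim.</param>`. The record declaration starts above the hunk.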
@@ -110,6 +111,4 @@ internal partial record SecurityOptions() : NexusOptionsBase
 public TimeSpan CookieLifetime { get; set; } = TimeSpan.FromDays(30);
 public List OidcProviders { get; set; } = [];
-
- public string OidcIdentifierClaim { get; set; } = Claims.Subject;
 }
\ No newline at end of file
diff --git a/version.json b/version.json
index 3b804a5e..083a9144 100644
--- a/version.json
+++ b/version.json
@@ -1,4 +1,4 @@
 {
 "version": "2.0.0",
- "suffix": "beta.44"
+ "suffix": "beta.45"
 }
\ No newline at end of file