feat(oidc): allow email prefix as username fallback

CHANGELOG.md

@@ -1,6 +1,8 @@
 # CHANGELOG
 
 ## Next
+- OIDC: Fallback to using email prefix as username if is EmailVerified when
+  preferred_username is missing
 
 ### BREAKING
 

hscontrol/types/users.go

@@ -319,6 +319,14 @@ func (u *User) FromClaim(claims *OIDCClaims) {
 		u.Name = claims.Username
 	} else {
 		log.Debug().Err(err).Msgf("Username %s is not valid", claims.Username)
+
+		if claims.Email != "" && claims.EmailVerified {
+			emailParts := strings.Split(claims.Email, "@")
+			if len(emailParts) > 0 && emailParts[0] != "" {
+				u.Name = emailParts[0]
+				log.Debug().Msgf("Using email prefix %s as name", u.Name)
+			}
+		}
 	}
 
 	if claims.EmailVerified {

hscontrol/types/users_test.go

@@ -307,6 +307,7 @@ func TestOIDCClaimsJSONToUser(t *testing.T) {
 			want: User{
 				Provider: util.RegisterMethodOIDC,
 				Email:    "test@test.no",
+				Name:     "test", // Expect email prefix to be used as fallback name
 				ProviderIdentifier: sql.NullString{
 					String: "/test",
 					Valid:  true,
@@ -325,6 +326,7 @@ func TestOIDCClaimsJSONToUser(t *testing.T) {
 			want: User{
 				Provider: util.RegisterMethodOIDC,
 				Email:    "test2@test.no",
+				Name:     "test2", // Expect email prefix to be used as fallback name
 				ProviderIdentifier: sql.NullString{
 					String: "/test2",
 					Valid:  true,
@@ -446,6 +448,26 @@ func TestOIDCClaimsJSONToUser(t *testing.T) {
 				ProfilePicURL: "https://cdn.casbin.org/img/casbin.svg",
 			},
 		},
+		{
+			name: "empty-username-use-email-prefix",
+			jsonstr: `
+{
+  "sub": "123456789",
+  "email": "johndoe@example.com",
+  "email_verified": true,
+  "iss": "https://auth.example.com"
+}
+			`,
+			want: User{
+				Provider: util.RegisterMethodOIDC,
+				Email:    "johndoe@example.com",
+				Name:     "johndoe", // Should use email prefix
+				ProviderIdentifier: sql.NullString{
+					String: "https://auth.example.com/123456789",
+					Valid:  true,
+				},
+			},
+		},
 	}
 
 	for _, tt := range tests {