✨ add validator to claim_mapping

mozilla_django_oidc_db/constants.py

@@ -11,3 +11,16 @@
 OPEN_ID_CONFIG_PATH = ".well-known/openid-configuration"
 
 CONFIG_CLASS_SESSION_KEY = "_OIDCDB_CONFIG_CLASS"
+
+CLAIM_MAPPING_SCHEMA = {
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "title": "Claim Mapping",
+    "description": "Mapping from user-model fields to OIDC claims",
+    "type": "object",
+    "properties": {},
+    "additionalProperties": {
+        "description": "mapping",
+        "type": "array",
+        "items": {"type": "string"},
+    },
+}

mozilla_django_oidc_db/migrations/0005_alter_openidconnectconfig_claim_mapping.py

@@ -0,0 +1,24 @@
+# Generated by Django 4.2.15 on 2024-10-25 14:15
+
+from django.db import migrations
+import django_jsonform.models.fields
+import mozilla_django_oidc_db.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("mozilla_django_oidc_db", "0004_remove_openidconnectconfig_oidc_exempt_urls"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="openidconnectconfig",
+            name="claim_mapping",
+            field=django_jsonform.models.fields.JSONField(
+                default=mozilla_django_oidc_db.models.get_claim_mapping,
+                help_text="Mapping from user-model fields to OIDC claims",
+                verbose_name="claim mapping",
+            ),
+        ),
+    ]

mozilla_django_oidc_db/models.py

@@ -11,10 +11,11 @@
 from django.utils.encoding import force_str
 from django.utils.translation import gettext_lazy as _
 
-from django_jsonform.models.fields import ArrayField
+from django_jsonform.models.fields import ArrayField, JSONField
 from solo import settings as solo_settings
 from solo.models import SingletonModel
 
+from .constants import CLAIM_MAPPING_SCHEMA
 from .fields import ClaimField, ClaimFieldDefault
 from .typing import ClaimPath, DjangoView
 
@@ -249,10 +250,11 @@ class OpenIDConnectConfig(OpenIDConnectConfigBase):
         help_text=_("The name of the OIDC claim that is used as the username"),
     )
 
-    claim_mapping = models.JSONField(
+    claim_mapping = JSONField(
         _("claim mapping"),
         default=get_claim_mapping,
-        help_text=("Mapping from user-model fields to OIDC claims"),
+        help_text=_("Mapping from user-model fields to OIDC claims"),
+        schema=CLAIM_MAPPING_SCHEMA,
     )
     groups_claim = ClaimField(
         verbose_name=_("groups claim"),

mozilla_django_oidc_db/setup_config.py

@@ -9,7 +9,7 @@
 from django_setup_configuration.exceptions import ConfigurationRunFailed, SelfTestFailed
 
 from .forms import OIDCSetupConfigForm
-from .models import OpenIDConnectConfig
+from .models import OpenIDConnectConfig, get_claim_mapping
 from .views import OIDCAuthenticationRequestView
 
 
@@ -39,6 +39,7 @@ def configure(self):
             "sync_groups": config.sync_groups,
             "oidc_use_nonce": config.oidc_use_nonce,
             "enabled": True,
+            "claim_mapping": config.claim_mapping,  # JSONFormField widget cannot handle blank values with object schema
             **settings.OIDC_DB_SETUP_CONFIG_ADMIN_AUTH,
         }
 

pyproject.toml

@@ -28,7 +28,7 @@ classifiers = [
 requires-python = ">=3.10"
 dependencies = [
     "django>=4.2",
-    "django-jsonform",
+    "django-jsonform>=2.12",
     "django-solo",
     "glom",
     "mozilla-django-oidc>=3.0.0",