X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/7d7cd32ca72397b635f7be597ad467ca27cffe6e..refs/pull/5293/head:/app/Access/Oidc/OidcService.php

diff --git a/app/Access/Oidc/OidcService.php b/app/Access/Oidc/OidcService.php
index fba6dc9a8..7c1760649 100644
--- a/app/Access/Oidc/OidcService.php
+++ b/app/Access/Oidc/OidcService.php
@@ -201,6 +201,9 @@ class OidcService
         if (empty($userDetails->email)) {
             throw new OidcException(trans('errors.oidc_no_email_address'));
         }
+        if (empty($userDetails->name)) {
+            $userDetails->name = $userDetails->externalId;
+        }
 
         $isLoggedIn = auth()->check();
         if ($isLoggedIn) {
@@ -243,10 +246,14 @@ class OidcService
         if (!$userDetails->isFullyPopulated($this->shouldSyncGroups()) && !empty($settings->userinfoEndpoint)) {
             $provider = $this->getProvider($settings);
             $request = $provider->getAuthenticatedRequest('GET', $settings->userinfoEndpoint, $accessToken->getToken());
-            $response = new OidcUserinfoResponse($provider->getResponse($request));
+            $response = new OidcUserinfoResponse(
+                $provider->getResponse($request),
+                $settings->issuer,
+                $settings->keys,
+            );
 
             try {
-                $response->validate($idToken->getClaim('sub'));
+                $response->validate($idToken->getClaim('sub'), $settings->clientId);
             } catch (OidcInvalidTokenException $exception) {
                 throw new OidcException("Userinfo endpoint response validation failed with error: {$exception->getMessage()}");
             }