feat(jwt): New option to control user info check. (#16115)

damencho · web-flow · commit 293b6fa90853 · 2025-06-04T08:07:42.000-05:00
* feat(jwt): New option to control user info check.

* squash: Rename.
diff --git a/config.js b/config.js
@@ -1576,6 +1576,9 @@ var config = {
     // tokenAuthUrlAutoRedirect: false
     // An option to respect the context.tenant jwt field compared to the current tenant from the url
     // tokenRespectTenant: false,
+    // An option to get for user info (name, picture, email) in the token outside the user context.
+    // Can be used with Firebase tokens.
+    // tokenGetUserInfoOutOfContext: false,
 
     // You can put an array of values to target different entity types in the invite dialog.
     // Valid values are "phone", "room", "sip", "user", "videosipgw" and "email"
diff --git a/react/features/base/config/configType.ts b/react/features/base/config/configType.ts
@@ -603,8 +603,9 @@ export interface IConfig {
     };
     tokenAuthUrl?: string;
     tokenAuthUrlAutoRedirect?: string;
+    tokenGetUserInfoOutOfContext?: boolean;
     tokenLogoutUrl?: string;
-    tokenRespectTenant?: string;
+    tokenRespectTenant?: boolean;
     toolbarButtons?: Array<ToolbarButton>;
     toolbarConfig?: {
         alwaysVisible?: boolean;
diff --git a/react/features/base/jwt/middleware.ts b/react/features/base/jwt/middleware.ts
@@ -165,6 +165,7 @@ function _setJWT(store: IStore, next: Function, action: AnyAction) {
 
             if (jwtPayload) {
                 const { context, iss, sub } = jwtPayload;
+                const { tokenGetUserInfoOutOfContext, tokenRespectTenant } = state['features/base/config'];
 
                 action.jwt = jwt;
                 action.issuer = iss;
@@ -180,7 +181,6 @@ function _setJWT(store: IStore, next: Function, action: AnyAction) {
                     const newUser = user ? { ...user } : {};
 
                     let features = context.features;
-                    const { tokenRespectTenant } = state['features/base/config'];
 
                     // eslint-disable-next-line max-depth
                     if (!isVpaasMeeting(state) && tokenRespectTenant && context.tenant) {
@@ -210,7 +210,8 @@ function _setJWT(store: IStore, next: Function, action: AnyAction) {
                     if (context.user && context.user.role === 'visitor') {
                         action.preferVisitor = true;
                     }
-                } else if (jwtPayload.name || jwtPayload.picture || jwtPayload.email) {
+                } else if (tokenGetUserInfoOutOfContext
+                    && (jwtPayload.name || jwtPayload.picture || jwtPayload.email)) {
                     // there are some tokens (firebase) having picture and name on the main level.
                     _overwriteLocalParticipant(store, {
                         avatarURL: jwtPayload.picture,
