add preferred_username profile field and use the value in new oidc claim preferred_username served under the profile scope

Author: tykling

README.md

@@ -168,12 +168,12 @@ The BornHack website can act as an OIDC IDP. You are welcome to use it for your
 
 ### OIDC User Claims
 
-The supported standard and custom OIDC user claims can be seen in `bornhack/oauth_validators.py` https://github.com/bornhack/bornhack-website/blob/master/src/bornhack/oauth_validators
+The supported standard and custom OIDC user claims can be seen in `bornhack/oauth_validators.py` https://github.com/bornhack/bornhack-website/blob/master/src/bornhack/oauth_validators.py
 
 
 ### OIDC Scopes
 
-Supported oauth2 scopes are split between standard OIDC claim scopes, custom OIDC claim scopes, and API scopes. The current list of supported scopes can be seen in the `OAUTH2_PROVIDER["SCOPES"]` dict in `bornhack/settings.py` https://github.com/bornhack/bornhack-website/blob/master/src/bornhack/settings.py
+Supported oauth2 scopes are divided into standard OIDC claim scopes, custom OIDC claim scopes, and API scopes. The current list of supported scopes can be seen in the `OAUTH2_PROVIDER["SCOPES"]` dict in `bornhack/settings.py` https://github.com/bornhack/bornhack-website/blob/master/src/bornhack/settings.py
 
 
 ## Notes

src/bornhack/oauth_validators.py

@@ -17,6 +17,7 @@ class BornhackOAuth2Validator(OAuth2Validator):
             "email_verified": "email",
             "phone_number": "phone",
             "phone_number_verified": "phone",
+            "preferred_username": "profile",
             "updated_at": "profile",
             # the custom user claims we support, and the (mostly custom) scopes they require
             "bornhack:v2:description": "profile",
@@ -46,6 +47,7 @@ def get_additional_claims(self, request) -> dict[str, str | list[dict[str, str]]
         if request.user.is_anonymous:
             return claims
 
+        # these claims are always available
         claims.update(
             {
                 # standard OIDC claims
@@ -84,11 +86,15 @@ def get_additional_claims(self, request) -> dict[str, str | list[dict[str, str]]
         # include phonenumber?
         if request.user.profile.phonenumber:
             claims["phone_number"] = request.user.profile.phonenumber
-            claims["phone_number_verified"] = True
 
         # include profile description?
         if request.user.profile.description:
             claims["bornhack:v2:description"] = request.user.profile.description
+
+        # include preferred_username?
+        if request.user.profile.preferred_username:
+            claims["preferred_username"] = request.user.profile.preferred_username
+
         return claims
 
     def get_discovery_claims(self, request) -> list[str]:
@@ -103,6 +109,7 @@ def get_discovery_claims(self, request) -> list[str]:
             "nickname",
             "phone_number",
             "phone_number_verified",
+            "preferred_username",
             "sub",
             "updated_at",
             # custom user claims

src/profiles/migrations/0018_profile_preferred_username.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.20 on 2025-04-28 15:00
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('profiles', '0017_alter_profile_phonenumber'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='profile',
+            name='preferred_username',
+            field=models.SlugField(blank=True, help_text="When using your BornHack account to login to other sites with OIDC this value is served as the OIDC standard claim 'preferred_username'. You can set this to the username you would prefer to use on remote sites where you login with your BornHack account."),
+        ),
+    ]

src/profiles/models.py

@@ -67,13 +67,18 @@ class Meta:
         help_text="The phonenumber you can be reached on. This field can be updated automatically when registering a DECT number in the phonebook.",
     )
 
-    # default to near general camping
     location = PointField(
         blank=True,
         null=True,
         help_text="Your location at BornHack. This value is available on public maps.",
     )
 
+    preferred_username = models.SlugField(
+        blank=True,
+        max_length=50,
+        help_text="When using your BornHack account to login to other sites with OIDC this value is served as the OIDC standard claim 'preferred_username'. You can set this to the username you would prefer to use on remote sites where you login with your BornHack account.",
+    )
+
     @property
     def email(self):
         return self.user.email

src/profiles/templates/profile_detail.html

@@ -91,6 +91,15 @@ <h4>Your information</h4>
           </td>
         </tr>
 
+        <tr>
+          <td>
+            <b>OIDC Preferred Username</b><br />
+            <small>When using BornHack as an IDP this value is available to remote sites with the <code>profile</code> scope. Set this to the username you prefer to use on the remote sites where you login with your BornHack account.</small>
+          </td>
+          <td>
+            {{ profile.preferred_username|default:"N/A" }}
+          </td>
+        </tr>
       </table>
     </div>
   </div>

src/profiles/views.py

@@ -32,6 +32,7 @@ class ProfileUpdate(LoginRequiredMixin, UpdateView):
         "location",
         "nickserv_username",
         "theme",
+        "preferred_username",
     ]
     success_url = reverse_lazy("profiles:detail")
     template_name = "profile_form.html"