Username UNDEF if not using client-certs #139

Closed
andreas-p opened this issue Feb 5, 2024 · 2 comments
Labels
✨ enhancement New feature or request keep

Comments

@andreas-p

Problem Statement

By initial motivation (https://medium.com/@jkroepke/openvpn-sso-via-oauth2-ab2583ee8477), this manager should make using client certificates for openvpn authentication unneeded. Actually, openvpn/openvpn-auth-oauth2 works fine with verify-client-cert none, but the status file will state "UNDEF" as user, and consequently ipp.txt won't help to re-use IP addresses when the same user reconnects.
Currently, client certificates and verify-client-cert required/optional are necessary to obtain the username in openvpn.

Proposed Solution

openvpn-auth-oauth2 should report the username back to openvpn, so that openvpn-status and ipp.txt can work as expected.
Preferably, the username should be taken from the OAuth2 claims. For this, I propose a setting oauth2.userclaim, to specify where to take the username from (might be one of e.g. preferred_username, email, name).

Additional information

No response

Acceptance Criteria

No response

@andreas-p andreas-p added the ✨ enhancement New feature or request label Feb 5, 2024
@andreas-p andreas-p changed the title from "Username UDEF if not using client-certs" to "Username UNDEF if not using client-certs" Feb 5, 2024
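
The claim lookup proposed in the issue above, as an added example (not code from openvpn-auth-oauth2 or from either participant). `oauth2.userclaim` is the setting name proposed in the issue; the helper `UsernameFromClaims`, the character allow-list and the `email_verified` check are assumptions of this example, and it covers only selecting and validating the name, not handing it to OpenVPN.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// safeName is this example's own policy: the value would end up in
// comma-separated files (status file, ipp.txt), so separators, whitespace
// and control characters are rejected.
var safeName = regexp.MustCompile(`^[A-Za-z0-9._@+-]{1,64}$`)

// UsernameFromClaims picks the username from decoded token claims using the
// claim named by the proposed oauth2.userclaim setting (hypothetical helper).
func UsernameFromClaims(claims map[string]any, userClaim string) (string, error) {
	raw, ok := claims[userClaim]
	if !ok {
		return "", fmt.Errorf("claim %q not present in token", userClaim)
	}
	name, ok := raw.(string)
	if !ok {
		return "", fmt.Errorf("claim %q is not a string", userClaim)
	}
	// An e-mail address only identifies a user if the provider verified it.
	if userClaim == "email" {
		if verified, _ := claims["email_verified"].(bool); !verified {
			return "", errors.New("email claim present but email_verified is not true")
		}
	}
	if name == "UNDEF" {
		return "", errors.New("claim value collides with OpenVPN's UNDEF placeholder")
	}
	if !safeName.MatchString(name) {
		return "", fmt.Errorf("claim %q value contains characters unsafe for status/ipp files", userClaim)
	}
	return name, nil
}

func main() {
	// Constructed sample claims, not taken from a real token.
	claims := map[string]any{
		"sub": "3f1c", "preferred_username": "alice",
		"email": "alice@example.com", "email_verified": false, "name": "Alice, Admin",
	}
	for _, c := range []string{"preferred_username", "email", "name", "groups"} {
		u, err := UsernameFromClaims(claims, c)
		fmt.Printf("%-18s -> %q, err=%v\n", c, u, err)
	}
}
```
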
@jkroepke
Owner

jkroepke commented Feb 5, 2024

> openvpn-auth-oauth2 should report the username back to openvpn

The OpenVPN server itself can't override the common name from a client. And there is no way that openvpn-auth-oauth2 can report the username back.

See: OpenVPN/openvpn#299

Once implemented in OpenVPN server, I will implement it soon. You may leave a comment there.


There is a command in OpenVPN called auth-token-user, which is only used in the context of auth-token. While it's implemented, auth-token is only used if the initial session contains username/password, and the value of auth-token-user is not used in the ipp.txt file.

See: OpenVPN/openvpn#296

@jkroepke
Owner

jkroepke commented Feb 28, 2024

FYI: I have written a request for help issue here: #202

If you know people with C knowledge, let them know.

I would also close the issue in favor of #202

@jkroepke jkroepke closed this as not planned Feb 28, 2024
@jkroepke jkroepke unpinned this issue Feb 28, 2024