jwt bearer

This commit is contained in:
Evert Prants 2022-03-16 21:37:26 +02:00
parent 8623087976
commit 2877dac937
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
2 changed files with 37 additions and 0 deletions

View File

@ -25,6 +25,9 @@ export const middleware = wrap(async function (req: Request, res, next) {
'Bearer token parsed from authorization header:',
token
);
} else if (req.headers['x-access-token']) {
token = req.headers['x-access-token'];
req.oauth2.logger.debug('Bearer token parsed from x-access-token:', token);
} else if (req.query?.access_token) {
token = req.query.access_token;
req.oauth2.logger.debug('Bearer token parsed from query params:', token);
@ -35,6 +38,21 @@ export const middleware = wrap(async function (req: Request, res, next) {
throw new AccessDenied('Bearer token not found');
}
if (req.oauth2.model.jwt) {
if (req.oauth2.model.jwt.isIdToken(token)) {
const valid = await req.oauth2.model.jwt.validateIdToken(token);
if (!valid) {
throw new AccessDenied('Invalid or expired ID token');
}
const bearer = await req.oauth2.model.jwt.convertIdTokenToBearer(token);
res.locals.accessToken = bearer;
res.locals.idToken = token;
req.oauth2.logger.debug('IdToken fetched', bearer);
return next();
}
}
// Try to fetch access token
const object = await req.oauth2.model.accessToken.fetchByToken(token);
if (!object) {

View File

@ -329,6 +329,25 @@ export interface JWTAdapter {
scope: string[],
nonce?: string
) => Promise<string>;
/**
* Is the input an ID token or not
* @param token Token to check
*/
isIdToken: (token: string) => boolean;
/**
* Check the validity of an ID token
* @param token JWT token from user
*/
validateIdToken: (token: string) => Promise<boolean>;
/**
* In order to use the Bearer middleware with ID tokens,
* we have to convert it into a common format.
* @param token A valid JWT token
*/
convertIdTokenToBearer: (token: string) => Promise<OAuth2AccessToken>;
}
/**