id token changes
This commit is contained in:
parent
a440d1f4ac
commit
fb126677e0
GPG Key ID:
1688DA83D222D0B5
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "@icynet/oauth2-provider",
|
||||
"version": "1.0.0",
|
||||
"version": "1.0.2",
|
||||
"description": "OAuth2.0 Provider for Icy Network",
|
||||
"main": "dist/index.js",
|
||||
"types": "dist/index.d.ts",
|
||||
|
|
|
|||
|
|
@ -209,6 +209,7 @@ export const authorization = wrap(async (req, res) => {
|
|||
data = await oauth2.model.jwt.issueIdToken(
|
||||
user,
|
||||
scope,
|
||||
redirectUri,
|
||||
req.query.nonce as string | undefined
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@ export async function authorizationCode(
|
|||
);
|
||||
|
||||
try {
|
||||
respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope);
|
||||
respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope, null, code.nonce);
|
||||
} catch (err) {
|
||||
oauth2.logger.error(err);
|
||||
throw new ServerError('Failed to issue an ID token');
|
||||
|
|
|
|||
|
|
@ -38,21 +38,6 @@ export const middleware = wrap(async function (req: Request, res, next) {
|
|||
throw new AccessDenied('Bearer token not found');
|
||||
}
|
||||
|
||||
if (req.oauth2.model.jwt) {
|
||||
if (req.oauth2.model.jwt.isIdToken(token)) {
|
||||
const valid = await req.oauth2.model.jwt.validateIdToken(token);
|
||||
if (!valid) {
|
||||
throw new AccessDenied('Invalid or expired ID token');
|
||||
}
|
||||
|
||||
const bearer = await req.oauth2.model.jwt.convertIdTokenToBearer(token);
|
||||
res.locals.accessToken = bearer;
|
||||
res.locals.idToken = token;
|
||||
req.oauth2.logger.debug('IdToken fetched', bearer);
|
||||
return next();
|
||||
}
|
||||
}
|
||||
|
||||
// Try to fetch access token
|
||||
const object = await req.oauth2.model.accessToken.fetchByToken(token);
|
||||
if (!object) {
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ export interface OAuth2Code {
|
|||
user_id: string | number;
|
||||
client_id: string | number;
|
||||
scope: string;
|
||||
nonce?: string;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -327,27 +328,9 @@ export interface JWTAdapter {
|
|||
issueIdToken: (
|
||||
user: OAuth2User,
|
||||
scope: string[],
|
||||
redirectUri?: string,
|
||||
nonce?: string
|
||||
) => Promise<string>;
|
||||
|
||||
/**
|
||||
* Is the input an ID token or not
|
||||
* @param token Token to check
|
||||
*/
|
||||
isIdToken: (token: string) => boolean;
|
||||
|
||||
/**
|
||||
* Check the validity of an ID token
|
||||
* @param token JWT token from user
|
||||
*/
|
||||
validateIdToken: (token: string) => Promise<boolean>;
|
||||
|
||||
/**
|
||||
* In order to use the Bearer middleware with ID tokens,
|
||||
* we have to convert it into a common format.
|
||||
* @param token A valid JWT token
|
||||
*/
|
||||
convertIdTokenToBearer: (token: string) => Promise<OAuth2AccessToken>;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue