diff --git a/package.json b/package.json
index f8601c6..8a60fff 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@icynet/oauth2-provider",
- "version": "1.0.0",
+ "version": "1.0.2",
 "description": "OAuth2.0 Provider for Icy Network",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
diff --git a/src/controller/authorization.ts b/src/controller/authorization.ts
index 6281d0d..f61f8aa 100644
--- a/src/controller/authorization.ts
+++ b/src/controller/authorization.ts
@@ -209,6 +209,7 @@ export const authorization = wrap(async (req, res) => {
 data = await oauth2.model.jwt.issueIdToken(
 user,
 scope,
+ redirectUri,
 req.query.nonce as string | undefined
 );
diff --git a/src/controller/tokens/authorizationCode.ts b/src/controller/tokens/authorizationCode.ts
index 338df16..6f4bbd5 100644
--- a/src/controller/tokens/authorizationCode.ts
+++ b/src/controller/tokens/authorizationCode.ts
@@ -116,7 +116,7 @@ export async function authorizationCode(
 );
 try {
- respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope);
+ respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope, null, code.nonce);
 } catch (err) {
 oauth2.logger.error(err);
 throw new ServerError('Failed to issue an ID token');
diff --git a/src/middleware.ts b/src/middleware.ts
index e2245da..016a280 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
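Review bot: The added `redirectUri,` argument hands a redirect URI to the ID token issuer, but nothing in the hunk shows where `redirectUri` is bound or that it has already been matched against the client's registered redirect URIs; the enclosing `authorization` handler starts and ends outside the hunk, so this is presumably done earlier and is worth confirming, since whatever the issuer does with the value ends up inside a signed token. The neighbouring `req.query.nonce as string | undefined` argument is a type assertion rather than a check; Express query values are not guaranteed to be plain strings, so `typeof req.query.nonce === 'string' ? req.query.nonce : undefined` would ensure only a verified string nonce is signed into the token.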
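Review bot: The rewritten call passes `null` for the new `redirectUri` parameter, which this same commit declares as `redirectUri?: string` in `src/model/model.ts`; under `strictNullChecks` `null` is not assignable to `string | undefined`, so the line should read `respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope, undefined, code.nonce);`. `code.nonce` also only carries a value if the path that persists the authorization code stores the request nonce into the new `OAuth2Code.nonce` field, and that path is not part of this diff, so it is worth checking that the nonce actually round-trips from the authorization request into the ID token. The enclosing `authorizationCode` function starts and ends outside the hunk.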
@@ -38,21 +38,6 @@ export const middleware = wrap(async function (req: Request, res, next) {
 throw new AccessDenied('Bearer token not found');
 }
- if (req.oauth2.model.jwt) {
- if (req.oauth2.model.jwt.isIdToken(token)) {
- const valid = await req.oauth2.model.jwt.validateIdToken(token);
- if (!valid) {
- throw new AccessDenied('Invalid or expired ID token');
- }
-
- const bearer = await req.oauth2.model.jwt.convertIdTokenToBearer(token);
- res.locals.accessToken = bearer;
- res.locals.idToken = token;
- req.oauth2.logger.debug('IdToken fetched', bearer);
- return next();
- }
- }
-
 // Try to fetch access token
 const object = await req.oauth2.model.accessToken.fetchByToken(token);
 if (!object) {
diff --git a/src/model/model.ts b/src/model/model.ts
index 452fa53..79ff6b1 100644
--- a/src/model/model.ts
+++ b/src/model/model.ts
@@ -31,6 +31,7 @@ export interface OAuth2Code {
 user_id: string | number;
 client_id: string | number;
 scope: string;
+ nonce?: string;
 }
 /**
@@ -327,27 +328,9 @@ export interface JWTAdapter {
 issueIdToken: (
 user: OAuth2User,
 scope: string[],
+ redirectUri?: string,
 nonce?: string
 ) => Promise;
-
- /**
- * Is the input an ID token or not
- * @param token Token to check
- */
- isIdToken: (token: string) => boolean;
-
- /**
- * Check the validity of an ID token
- * @param token JWT token from user
- */
- validateIdToken: (token: string) => Promise;
-
- /**
- * In order to use the Bearer middleware with ID tokens,
- * we have to convert it into a common format.
- * @param token A valid JWT token
- */
- convertIdTokenToBearer: (token: string) => Promise;
 }
 /**
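Review bot: The new `redirectUri?: string` parameter on `issueIdToken` carries no TSDoc, while every other member of `JWTAdapter` (including the three being removed) is documented, so an adapter implementor cannot tell what the issuer is expected to do with it; the `issueIdToken` doc block itself starts outside the hunk. A `@param` line such as `* @param redirectUri Redirect URI of the authorization request when the token is issued directly from the authorization endpoint; omitted for the code exchange` would close that gap, with the wording adjusted to whatever the issuer actually does with the value, which this diff does not show. Dropping `isIdToken`, `validateIdToken` and `convertIdTokenToBearer` from the exported interface is also a breaking change for any external adapter that implements them, yet the package.json hunk moves only the patch version from 1.0.0 to 1.0.2; no longer accepting ID tokens as bearer credentials in the middleware is a sound tightening, but it should ship as a major version or at least be called out in the release notes.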