id token changes
parent
a440d1f4ac
commit
fb126677e0
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "@icynet/oauth2-provider",
|
"name": "@icynet/oauth2-provider",
|
||||||
"version": "1.0.0",
|
"version": "1.0.2",
|
||||||
"description": "OAuth2.0 Provider for Icy Network",
|
"description": "OAuth2.0 Provider for Icy Network",
|
||||||
"main": "dist/index.js",
|
"main": "dist/index.js",
|
||||||
"types": "dist/index.d.ts",
|
"types": "dist/index.d.ts",
|
||||||
|
@ -209,6 +209,7 @@ export const authorization = wrap(async (req, res) => {
|
|||||||
data = await oauth2.model.jwt.issueIdToken(
|
data = await oauth2.model.jwt.issueIdToken(
|
||||||
user,
|
user,
|
||||||
scope,
|
scope,
|
||||||
|
redirectUri,
|
||||||
req.query.nonce as string | undefined
|
req.query.nonce as string | undefined
|
||||||
);
|
);
|
||||||
|
|
||||||
|
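Review bot: `req.query.nonce as string | undefined`, two lines below the added `redirectUri,` argument, is a type assertion rather than a check, so a request whose query parser yields an array or object for `nonce` (how it is parsed depends on the Express/qs configuration, which is not visible here) is forwarded to `issueIdToken` unchanged and may end up embedded in the ID token as a non-string. A runtime guard keeps the contract honest: `const nonce = typeof req.query.nonce === 'string' ? req.query.nonce : undefined;` and then pass `nonce` in the call. The enclosing `authorization` handler begins and ends outside the hunk, and whether the `redirectUri` passed here is the value already validated against the client's registered URIs cannot be confirmed from this hunk.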
@ -116,7 +116,7 @@ export async function authorizationCode(
|
|||||||
);
|
);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope);
|
respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope, null, code.nonce);
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
oauth2.logger.error(err);
|
oauth2.logger.error(err);
|
||||||
throw new ServerError('Failed to issue an ID token');
|
throw new ServerError('Failed to issue an ID token');
|
||||||
|
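Review bot: The new call passes `null` as the third argument, but the `JWTAdapter.issueIdToken` signature in this same commit declares that slot as `redirectUri?: string`, which under `strictNullChecks` does not accept `null`; this either fails to compile or, if it compiles, means the project is not building in strict mode. Use the optional-parameter idiom instead: `respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope, undefined, code.nonce);`. Echoing `code.nonce` into the ID token is the right place for the OIDC nonce (bound to the code being exchanged rather than to the token request), but it assumes the nonce was saved on the code when it was created, and that write is not part of any hunk here. `authorizationCode` begins and ends outside the hunk.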
@ -38,21 +38,6 @@ export const middleware = wrap(async function (req: Request, res, next) {
|
|||||||
throw new AccessDenied('Bearer token not found');
|
throw new AccessDenied('Bearer token not found');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (req.oauth2.model.jwt) {
|
|
||||||
if (req.oauth2.model.jwt.isIdToken(token)) {
|
|
||||||
const valid = await req.oauth2.model.jwt.validateIdToken(token);
|
|
||||||
if (!valid) {
|
|
||||||
throw new AccessDenied('Invalid or expired ID token');
|
|
||||||
}
|
|
||||||
|
|
||||||
const bearer = await req.oauth2.model.jwt.convertIdTokenToBearer(token);
|
|
||||||
res.locals.accessToken = bearer;
|
|
||||||
res.locals.idToken = token;
|
|
||||||
req.oauth2.logger.debug('IdToken fetched', bearer);
|
|
||||||
return next();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Try to fetch access token
|
// Try to fetch access token
|
||||||
const object = await req.oauth2.model.accessToken.fetchByToken(token);
|
const object = await req.oauth2.model.accessToken.fetchByToken(token);
|
||||||
if (!object) {
|
if (!object) {
|
||||||
|
@ -31,6 +31,7 @@ export interface OAuth2Code {
|
|||||||
user_id: string | number;
|
user_id: string | number;
|
||||||
client_id: string | number;
|
client_id: string | number;
|
||||||
scope: string;
|
scope: string;
|
||||||
|
nonce?: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
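Review bot: `nonce?: string` is added to `OAuth2Code` without a comment, and nothing in this commit shows the value being written when a code is created, only read back in `authorizationCode`; if the code-creation path is not updated elsewhere, the field stays undefined and the ID token issued at exchange time carries no nonce for the client to verify. A one-line TSDoc on the field would pin the contract for adapter implementors: `/** Nonce from the authorization request; persisted with the code and echoed into the ID token issued at exchange. */`. Whether the storage adapter that saves codes copies this field cannot be confirmed from this hunk.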
@ -327,27 +328,9 @@ export interface JWTAdapter {
|
|||||||
issueIdToken: (
|
issueIdToken: (
|
||||||
user: OAuth2User,
|
user: OAuth2User,
|
||||||
scope: string[],
|
scope: string[],
|
||||||
|
redirectUri?: string,
|
||||||
nonce?: string
|
nonce?: string
|
||||||
) => Promise<string>;
|
) => Promise<string>;
|
||||||
|
|
||||||
/**
|
|
||||||
* Is the input an ID token or not
|
|
||||||
* @param token Token to check
|
|
||||||
*/
|
|
||||||
isIdToken: (token: string) => boolean;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Check the validity of an ID token
|
|
||||||
* @param token JWT token from user
|
|
||||||
*/
|
|
||||||
validateIdToken: (token: string) => Promise<boolean>;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* In order to use the Bearer middleware with ID tokens,
|
|
||||||
* we have to convert it into a common format.
|
|
||||||
* @param token A valid JWT token
|
|
||||||
*/
|
|
||||||
convertIdTokenToBearer: (token: string) => Promise<OAuth2AccessToken>;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
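Review bot: The new `redirectUri?: string` parameter of `issueIdToken` gets no `@param` line, and the method's doc comment sits above the hunk, outside it, so the adapter contract now has an undocumented optional argument; add `@param redirectUri` and `@param nonce` lines there stating what an adapter is expected to do with each (for `nonce`, that it must be placed verbatim in the ID token's claims; for `redirectUri`, whatever the implementation uses it for, which this hunk does not reveal). Two optional positional parameters also force callers that only have a nonce to pass a placeholder in the third slot, as the `authorizationCode` hunk does with `null`; an options object such as `issueIdToken(user, scope, opts?: { redirectUri?: string; nonce?: string })` would avoid that, though it is an interface change for every adapter. The removal of `isIdToken`, `validateIdToken` and `convertIdTokenToBearer` matches the dropped ID-token branch in the bearer middleware hunk, so no dangling references remain in what is visible here.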