id token changes

Evert Prants 2022-09-16 17:29:15 +03:00
parent a440d1f4ac
commit fb126677e0
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
5 changed files with 5 additions and 36 deletions


@ -1,6 +1,6 @@
{ {
"name": "@icynet/oauth2-provider", "name": "@icynet/oauth2-provider",
"version": "1.0.0", "version": "1.0.2",
"description": "OAuth2.0 Provider for Icy Network", "description": "OAuth2.0 Provider for Icy Network",
"main": "dist/index.js", "main": "dist/index.js",
"types": "dist/index.d.ts", "types": "dist/index.d.ts",


@ -209,6 +209,7 @@ export const authorization = wrap(async (req, res) => {
data = await oauth2.model.jwt.issueIdToken( data = await oauth2.model.jwt.issueIdToken(
user, user,
scope, scope,
redirectUri,
req.query.nonce as string | undefined req.query.nonce as string | undefined
); );
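Review bot: The nonce on the last argument line of this call is only type-asserted (`req.query.nonce as string | undefined`) and never checked at run time, so if `req.query` comes from Express's default query parser, a repeated or bracketed `nonce` parameter could reach `issueIdToken` as an array or object. Narrowing it first keeps a non-string value out of the signed token: `const nonce = typeof req.query.nonce === 'string' ? req.query.nonce : undefined;`. The newly passed `redirectUri` deserves the same care, since its validation is not visible in this hunk. The enclosing `authorization` handler starts and ends outside the hunk.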


@ -116,7 +116,7 @@ export async function authorizationCode(
); );
try { try {
respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope); respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope, null, code.nonce);
} catch (err) { } catch (err) {
oauth2.logger.error(err); oauth2.logger.error(err);
throw new ServerError('Failed to issue an ID token'); throw new ServerError('Failed to issue an ID token');
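Review bot: `issueIdToken(user, cleanScope, null, code.nonce)` passes `null` for a parameter the adapter interface declares as `redirectUri?: string`, which does not type-check under `strictNullChecks` and hands adapters a value their signature does not admit; `undefined` is the matching placeholder: `respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope, undefined, code.nonce);`. Separately, none of the sections shown on this page stores the request's nonce on the authorization code, so unless the code adapter already does that elsewhere, `code.nonce` will be `undefined` here and the ID token from the code flow will carry no nonce for the client to compare against its request. The enclosing `authorizationCode` function starts and ends outside the hunk.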


@ -38,21 +38,6 @@ export const middleware = wrap(async function (req: Request, res, next) {
throw new AccessDenied('Bearer token not found'); throw new AccessDenied('Bearer token not found');
} }
if (req.oauth2.model.jwt) {
if (req.oauth2.model.jwt.isIdToken(token)) {
const valid = await req.oauth2.model.jwt.validateIdToken(token);
if (!valid) {
throw new AccessDenied('Invalid or expired ID token');
}
const bearer = await req.oauth2.model.jwt.convertIdTokenToBearer(token);
res.locals.accessToken = bearer;
res.locals.idToken = token;
req.oauth2.logger.debug('IdToken fetched', bearer);
return next();
}
}
// Try to fetch access token // Try to fetch access token
const object = await req.oauth2.model.accessToken.fetchByToken(token); const object = await req.oauth2.model.accessToken.fetchByToken(token);
if (!object) { if (!object) {


@ -31,6 +31,7 @@ export interface OAuth2Code {
user_id: string | number; user_id: string | number;
client_id: string | number; client_id: string | number;
scope: string; scope: string;
nonce?: string;
} }
/** /**
@ -327,27 +328,9 @@ export interface JWTAdapter {
issueIdToken: ( issueIdToken: (
user: OAuth2User, user: OAuth2User,
scope: string[], scope: string[],
redirectUri?: string,
nonce?: string nonce?: string
) => Promise<string>; ) => Promise<string>;
/**
* Is the input an ID token or not
* @param token Token to check
*/
isIdToken: (token: string) => boolean;
/**
* Check the validity of an ID token
* @param token JWT token from user
*/
validateIdToken: (token: string) => Promise<boolean>;
/**
* In order to use the Bearer middleware with ID tokens,
* we have to convert it into a common format.
* @param token A valid JWT token
*/
convertIdTokenToBearer: (token: string) => Promise<OAuth2AccessToken>;
} }
/** /**
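Review bot: Inserting `redirectUri` ahead of `nonce` in `issueIdToken` changes the meaning of the third positional argument without producing a type error, because both are optional strings: an adapter still implemented as `(user, scope, nonce)` compiles against this interface and would receive the redirect URI where it expects the nonce. The manifest in this commit only moves the version from 1.0.0 to 1.0.2, so downstream adapters may pick the change up unnoticed; appending the new parameter after `nonce`, or taking a single options object, would avoid the silent shift. The new parameter is also undocumented, and a `@param redirectUri` line on the method's doc comment should state what adapters are expected to do with it, which the hunk does not say. The doc comment of `issueIdToken` lies outside the hunk.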