-
Notifications
You must be signed in to change notification settings - Fork 0
/
id_token.go
54 lines (47 loc) · 1.38 KB
/
id_token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
package server
import (
"context"
"github.com/1f349/lavender/database"
"github.com/1f349/mjwt"
"github.com/go-oauth2/oauth2/v4"
"github.com/go-oauth2/oauth2/v4/server"
"github.com/golang-jwt/jwt/v4"
"strings"
)
func addIdTokenSupport(srv *server.Server, db *database.Queries, key mjwt.Signer) {
srv.SetExtensionFieldsHandler(func(ti oauth2.TokenInfo) (fieldsValue map[string]interface{}) {
scope := ti.GetScope()
if containsScope(scope, "openid") {
idToken, err := generateIDToken(ti, db, key)
if err != nil {
return
}
fieldsValue = map[string]interface{}{}
fieldsValue["id_token"] = idToken
}
return
})
}
// IdTokenClaims contains the JWT claims for an access token
type IdTokenClaims struct {
Subject string `json:"subject"`
}
func (a IdTokenClaims) Valid() error { return nil }
func (a IdTokenClaims) Type() string { return "id-token" }
func generateIDToken(ti oauth2.TokenInfo, us *database.Queries, key mjwt.Signer) (token string, err error) {
user, err := us.GetUser(context.Background(), ti.GetUserID())
if err != nil {
return "", err
}
token, err = key.GenerateJwt(user.Subject, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Subject})
return
}
func containsScope(scopes, s string) bool {
_scopes := strings.Split(scopes, " ")
for _, _s := range _scopes {
if _s == s {
return true
}
}
return false
}