Add raw_info to auth_hash for response_type id_token (jjbohn#42)

* The complete id_token is now a part of the hash that is returned to the application * Bugfix: Redefining env method for Strategy class caused race condition in test execution
criticaljuncture · Sep 16, 2019 · 1424452 · 1424452
1 parent e05e60d
commit 1424452
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 3 deletions.
diff --git a/lib/omniauth/strategies/openid_connect.rb b/lib/omniauth/strategies/openid_connect.rb
@@ -111,7 +111,6 @@ def callback_phase
         invalid_state = params['state'].to_s.empty? || params['state'] != stored_state
 
         raise CallbackError.new(params['error'], error_description, params['error_uri']) if error
-
         raise CallbackError, 'Invalid state parameter' if invalid_state
 
         return unless valid_response_type?
@@ -307,7 +306,8 @@ def id_token_callback_phase
         env['omniauth.auth'] = AuthHash.new(
           provider: name,
           uid: user_data['sub'],
-          info: { name: user_data['name'], email: user_data['email'] }
+          info: { name: user_data['name'], email: user_data['email'] },
+          extra: { raw_info: user_data }
         )
         call_app!
       end

diff --git a/test/lib/omniauth/strategies/openid_connect_test.rb b/test/lib/omniauth/strategies/openid_connect_test.rb
@@ -454,7 +454,8 @@ def test_state
 
       def test_dynamic_state
         # Stub request parameters
-        Strategy.send(:define_method, 'env', -> { { QUERY_STRING: { state: 'abc', client_id: '123' } } })
+        request.stubs(:path_info).returns('')
+        strategy.call!('rack.session' => { }, QUERY_STRING: { state: 'abc', client_id: '123' } )
 
         strategy.options.state = lambda { |env|
           # Get params from request, e.g. CGI.parse(env['QUERY_STRING'])
@@ -530,6 +531,42 @@ def test_public_key_with_hmac
         strategy.options.client_signing_alg = :HS256
         assert_equal strategy.options.client_options.secret, strategy.public_key
       end
+
+      def test_id_token_auth_hash
+        state = SecureRandom.hex(16)
+        nonce = SecureRandom.hex(16)
+        strategy.options.response_type = 'id_token'
+        strategy.options.issuer = 'example.com'
+
+        id_token = stub('OpenIDConnect::ResponseObject::IdToken')
+        id_token.stubs(:verify!).returns(true)
+        id_token.stubs(:raw_attributes, :to_h).returns( 
+          {
+            "iss": "http://server.example.com",
+            "sub": "248289761001",
+            "aud": "s6BhdRkqt3",
+            "nonce": "n-0S6_WzA2Mj",
+            "exp": 1311281970,
+            "iat": 1311280970,
+          }
+        )
+
+        request.stubs(:params).returns('state' => state, 'nounce' => nonce, 'id_token' => id_token)
+        request.stubs(:path_info).returns('')
+
+        strategy.stubs(:decode_id_token).returns(id_token)
+        strategy.stubs(:stored_state).returns(state)
+
+        strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
+        strategy.callback_phase
+
+        auth_hash = strategy.send(:env)['omniauth.auth']
+        assert auth_hash.key?('provider')
+        assert auth_hash.key?('uid')
+        assert auth_hash.key?('info')
+        assert auth_hash.key?('extra')
+        assert auth_hash['extra'].key?('raw_info')
+      end
     end
   end
 end