feat(go): use acces token instead of ID token

pathwar · May 19, 2023 · 499a8e4 · 499a8e4
1 parent f2f8068
commit 499a8e4
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 6 deletions.
diff --git a/go/pkg/pwsso/testing.go b/go/pkg/pwsso/testing.go
@@ -13,8 +13,8 @@ const (
 	testingPubKey   = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvJIRVk38uby5bGVJpCS\ndr7RardC6s1G61A+CO127rvTjLkDFxhM3n6NkF1GVBvIXBbvaj6Q7+CKPR1L5NMG\nlEFvQTjbcuBL11v7ViYE+UnNmJcXHZb+kzVml3evcUhyVqf8aPkyT7CgzM+0BjPf\nUYFZ4raWM9vG+WAmYCXMnKek4jFhLhZGQO9n9W7wrZW3Yegc/YQWuqGtkaRUsfwd\nwQJn4OIhpMVw4YKQIpz7BPObRqAh49dn1waQ5TEvW0IUVwHW8nTCHbePXxLeSEat\n0REs32wJt5G9JgSnaqs/j7AqctG41qbO0dqxE/FgmcAsCmd82MUFI1VBzOYmnLdT\njQIDAQAB"
 	testingRealm    = "Pathwar-Dev"
 	testingClientID = "bJpLWOLTRseEVfM9kvFhKfi9wUBmm8Gh"
-	testingToken    = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJDck10ZmN1cjFDcVNtT28teHZacUt0ZTRoODk4ZjZpYl9KOGk5TXZDck5zIn0.eyJqdGkiOiI0ZGE4ZTM2NS1iZTkzLTRmMGEtYmU0ZC0yNDdjMzA4OGZmNWUiLCJleHAiOjE1ODM0Mjc1MTIsIm5iZiI6MCwiaWF0IjoxNTgzNDI3MjEyLCJpc3MiOiJodHRwczovL2lkLnBhdGh3YXIubGFuZC9hdXRoL3JlYWxtcy9QYXRod2FyLURldiIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIwNDgyNjZiOS0yY2M4LTQ2ZjMtOTcyZC0zN2YyZDhmY2M3NWIiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJwbGF0Zm9ybS1jbGkiLCJub25jZSI6IjZlMWUyYjc4LTk0MjgtNDRhNi04ZjIwLTA5NTY3ZTE1Y2FjMyIsImF1dGhfdGltZSI6MTU4MzQyNzIwNywic2Vzc2lvbl9zdGF0ZSI6ImEyMzg2N2U2LTc0ZjEtNGRmOS04ZDRiLWU5NTVlMWRmMmYxNCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicGxhdGZvcm0tY2xpIjp7InJvbGVzIjpbImFnZW50IiwiYWRtaW4iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiTWFuZnJlZCBUb3Vyb24iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJtb3VsIiwiZ2l2ZW5fbmFtZSI6Ik1hbmZyZWQiLCJmYW1pbHlfbmFtZSI6IlRvdXJvbiIsImVtYWlsIjoibUA0Mi5hbSJ9.I9jYiBGCacaBiqndq1EsinZxY-uWRjdHZbFRdE9CWsSiOEJzKGznufEppk0bj2XmAm4GwfWey55U-jHh91KgnDJG7XsgA2p_t-LX1yj4EgrHxcXQ0PiOKU19br4kbCfKVaOMsBQqa-pGyZVFwVc9rYmGA6xtx6No1O5j-tdsizp5-HVNil0E195ZnSoMiNk9yJsG8-ta7wrQ6u9PqPbnEuhltu6SZyfAD7gTw2RUDu77LKISIaJCPbD5IPj2Rtv2gfM4BoZ8TiMYO_DSRIAWsFc1C1z8iR6-BvAvOAfqDV4GeyD9DQsMDxz5qYmTnHnXMrVNSvYd6aehwyDik-ERIA"
-	testingToken2   = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJDck10ZmN1cjFDcVNtT28teHZacUt0ZTRoODk4ZjZpYl9KOGk5TXZDck5zIn0.eyJqdGkiOiJiNGRhOWZjZS1lMzdlLTRkMTMtODYxYy02NzExYWZjOWU5NTgiLCJleHAiOjE2MDM4ODkwMjcsIm5iZiI6MCwiaWF0IjoxNjAzODg4NzI3LCJpc3MiOiJodHRwczovL2lkLnBhdGh3YXIubGFuZC9hdXRoL3JlYWxtcy9QYXRod2FyLURldiIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiJmYTVmNzE4Mi0wZmIxLTRlODUtOTJlYy01ZWIyNzRlNWQyNjUiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJwbGF0Zm9ybS1mcm9udCIsIm5vbmNlIjoiNDFmOTc4ZjYtMWVkMS00NmI4LTgxMDgtYmJmOGJlM2IwZjQ5IiwiYXV0aF90aW1lIjoxNjAzODg4NzEwLCJzZXNzaW9uX3N0YXRlIjoiZDJjMDVlNzItY2JkOC00YTAyLWExMDYtNTNiMWQ1NWNlMzdhIiwiYWNyIjoiMCIsImFsbG93ZWQtb3JpZ2lucyI6WyIqIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiUm9nZXIgTW9yZSIsInByZWZlcnJlZF91c2VybmFtZSI6InJvZ2VybW9yZTEzMzdAZ21haWwuY29tIiwiZ2l2ZW5fbmFtZSI6IlJvZ2VyIiwiZmFtaWx5X25hbWUiOiJNb3JlIiwiZW1haWwiOiJyb2dlcm1vcmUxMzM3QGdtYWlsLmNvbSJ9.WEekzk27D6jpkiZ6fOWBEAEBzjtSdAaCwB5uOBgENlZ1lqtQ8vSJZbkJ9gh1KCWX7tYNORRsy1qGOwW-1vBeUN75xP2wruymA7ZssjOdp0m_UxfzfDdxYRuWyhDyOHSONQYqT0vHDaBBwc1qbg1Rj3BAtRtolYl5-rtn2ZRPaneFeBBzNvTqhLVNdPPdN9I2b5ApIBbvmL1JaRZm3DHcj-vMsr2wWBaX8xqcMmfFLiVluaAcXJkPrKgHKpCi7AjYz5BfnoKANuasQcSYrc5LtNGafO0h3rTB5rKW2tHlinyR7psxT9xCwZBWK1kNN7l5WhvOPFxPuD7Fazzd1p2YXg"
+	testingToken    = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlBPNVlab3NHZ0V1VFViQklfNEFpMiJ9.eyJpc3MiOiJodHRwczovL2Rldi01Y2N3enk4cXRjc2pzbnBmLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJnaXRodWJ8NzEzMzkxNTMiLCJhdWQiOiJodHRwczovL3BhdGh3YXIubmV0LyIsImlhdCI6MTY4NDM3NzM4MiwiZXhwIjoxNjg0NDYzNzgyLCJhenAiOiJiSnBMV09MVFJzZUVWZk05a3ZGaEtmaTl3VUJtbThHaCIsInNjb3BlIjoib2ZmbGluZV9hY2Nlc3MiLCJwZXJtaXNzaW9ucyI6WyJhZG1pbiIsImFnZW50Il19.VctZTCvkSPGdHN5h3WjveCOPIxHtGIK2yam0PGHJSiWzTUTGxy4PM_0t5u2IywI2gLv6YSdxH9qj9FEuEWO37IeBHRc3n1lT_15MqMha__Zk5Ps-C4uHnCiyJQD23m1Zb-eupmjTubCJ5ua1nYmQ_eY9-YUhhnU9CsZeW5S0feEbmIS7bHLmduPV-iqLRuCiqEdk8y0QAQjwZ050SKOTzyIkJFHzG3b8909cFc48EAfyRdzEeXEY0x8au2B87dicPQtDh1Sb_c0_UVh2s8xVadiciIx11hr8bTgltlkfeNvWrByYNMgTlFR8btZc6sGu4M0xGqjLkLV129HQmiN3dA"
+	testingToken2   = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlBPNVlab3NHZ0V1VFViQklfNEFpMiJ9.eyJpc3MiOiJodHRwczovL2Rldi01Y2N3enk4cXRjc2pzbnBmLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDExNTkwMDE5MDAxMDA2MjA1OTI0MiIsImF1ZCI6Imh0dHBzOi8vcGF0aHdhci5uZXQvIiwiaWF0IjoxNjg0NDg0NDAxLCJleHAiOjE2ODQ1NzA4MDEsImF6cCI6ImJKcExXT0xUUnNlRVZmTTlrdkZoS2ZpOXdVQm1tOEdoIiwic2NvcGUiOiJvZmZsaW5lX2FjY2VzcyIsInBlcm1pc3Npb25zIjpbXX0.Fv5iVgZYc3OHSoBs38hYhDBD471TPJ2nyOtyp-JsNGSsXd4uoh84XYqRWF2WUFyNGw3pnJZyyr1gO4GYo7BXunfaLTYBzHK8CZ5dJnsCVqH342WdWYOaYpouBCyvofq3k3cdu5mjvTDyswV9logJlAtHuNAqMKSoxU0hU4_BdG6X5-TmMmVQkw0CGpcfcv7PYfeWWB0nyCETkPew-LZsSchRh2h2aLCe3XOUK0vhsuyAhku3HgG1rLmEubxGmGTieBDpf0KyWPIH6Kg4EA_Ni6pQ40nbpkQvPbLVNeBXKdkvym658zeygADV048LXQMRQnez7RqwxLc0VePxtAOc7Q"
 )
 
 func TestingClaims(t *testing.T) *Claims {

diff --git a/go/pkg/pwsso/token.go b/go/pkg/pwsso/token.go
@@ -1,13 +1,19 @@
 package pwsso
 
 import (
+	"bytes"
+	"encoding/json"
+	io "io"
+	"net/http"
 	time "time"
 
 	jwt "github.com/dgrijalva/jwt-go"
 	"go.uber.org/zap"
 	"pathwar.land/pathwar/v2/go/pkg/errcode"
 )
 
+const ProviderBaseURL = "https://dev-5ccwzy8qtcsjsnpf.us.auth0.com"
+
 func (c *client) TokenWithClaims(bearer string) (*jwt.Token, jwt.MapClaims, error) {
 	token, claims, err := TokenWithClaims(bearer, c.publicKey, c.opts.AllowUnsafe)
 	if err != nil {
@@ -101,18 +107,54 @@ func ClaimsFromToken(token *jwt.Token) *Claims {
 	}
 
 	// OIDC specific
-	if v := mc["preferred_username"]; v != nil {
+	userinfo, err := getUserinfo(token)
+	if err != nil {
+		return nil
+	}
+	if v := userinfo["preferred_username"]; v != nil {
 		claims.PreferredUsername = v.(string)
-	} else if v := mc["nickname"]; v != nil {
+	} else if v := userinfo["nickname"]; v != nil {
 		claims.PreferredUsername = v.(string)
 	}
-	if v := mc["email"]; v != nil {
+	if v := userinfo["email"]; v != nil {
 		claims.Email = v.(string)
 	}
-	if v := mc["email_verified"]; v != nil {
+	if v := userinfo["email_verified"]; v != nil {
 		claims.EmailVerified = v.(bool)
 	}
 
 	//FIXME: add more claims
 	return claims
 }
+
+func getUserinfo(token *jwt.Token) (map[string]interface{}, error) {
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", ProviderBaseURL+"/userinfo", &bytes.Buffer{})
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Authorization", "Bearer "+token.Raw)
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+
+		}
+	}(resp.Body)
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	var userinfo map[string]interface{}
+	err = json.Unmarshal(body, &userinfo)
+	if err != nil {
+		return nil, err
+	}
+	return userinfo, nil
+}