Add email to id_token
This commit is contained in:
parent
03a4bbb580
commit
937343c5f9
@ -216,8 +216,8 @@ pub async fn token(req: HttpRequest,
|
||||
clients: web::Data<ClientManager>,
|
||||
app_config: web::Data<AppConfig>,
|
||||
sessions: web::Data<Addr<OpenIDSessionsActor>>,
|
||||
users: web::Data<Addr<UsersActor>>,
|
||||
jwt_signer: web::Data<JWTSigner>) -> actix_web::Result<HttpResponse> {
|
||||
// TODO : check auth challenge : https://oa.dnc.global/-fr-.html?page=unarticle&id_article=148&lang=fr
|
||||
|
||||
// Extraction authentication information
|
||||
let authorization_header = req.headers().get("authorization");
|
||||
@ -318,6 +318,12 @@ pub async fn token(req: HttpRequest,
|
||||
sessions.send(openid_sessions_actor::UpdateSession(session.clone()))
|
||||
.await.unwrap();
|
||||
|
||||
let user: Option<User> = users.send(users_actor::GetUserRequest(session.user.clone()))
|
||||
.await.unwrap().0;
|
||||
let user = match user {
|
||||
None => return Ok(error_response(&query, "invalid_request", "User not found!")),
|
||||
Some(u) => u,
|
||||
};
|
||||
|
||||
// Generate id token
|
||||
let id_token = IdToken {
|
||||
@ -328,6 +334,7 @@ pub async fn token(req: HttpRequest,
|
||||
issued_at: time(),
|
||||
auth_time: session.auth_time,
|
||||
nonce: session.nonce,
|
||||
email: user.email,
|
||||
};
|
||||
|
||||
TokenResponse {
|
||||
|
@ -23,11 +23,13 @@ pub struct IdToken {
|
||||
/// String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. If present in the ID Token, Clients MUST verify that the nonce Claim Value is equal to the value of the nonce parameter sent in the Authentication Request. If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. Authorization Servers SHOULD perform no other processing on nonce values used. The nonce value is a case sensitive string.
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub nonce: Option<String>,
|
||||
pub email: String,
|
||||
}
|
||||
|
||||
#[derive(serde::Serialize, serde::Deserialize)]
|
||||
pub struct CustomIdTokenClaims {
|
||||
auth_time: u64,
|
||||
email: String,
|
||||
}
|
||||
|
||||
impl IdToken {
|
||||
@ -42,7 +44,8 @@ impl IdToken {
|
||||
jwt_id: None,
|
||||
nonce: self.nonce,
|
||||
custom: CustomIdTokenClaims {
|
||||
auth_time: self.auth_time
|
||||
auth_time: self.auth_time,
|
||||
email: self.email,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user