Add email to id_token

2022-04-15 20:34:07 +02:00 · 2022-04-15 20:34:07 +02:00 · 937343c5f9
commit 937343c5f9
parent 03a4bbb580
2 changed files with 12 additions and 2 deletions
--- a/src/controllers/openid_controller.rs
+++ b/src/controllers/openid_controller.rs
@ -216,8 +216,8 @@ pub async fn token(req: HttpRequest,
                   clients: web::Data<ClientManager>,
                   app_config: web::Data<AppConfig>,
                   sessions: web::Data<Addr<OpenIDSessionsActor>>,
+                   users: web::Data<Addr<UsersActor>>,
                   jwt_signer: web::Data<JWTSigner>) -> actix_web::Result<HttpResponse> {
-    // TODO : check auth challenge : https://oa.dnc.global/-fr-.html?page=unarticle&id_article=148&lang=fr

    // Extraction authentication information
    let authorization_header = req.headers().get("authorization");
@ -318,6 +318,12 @@ pub async fn token(req: HttpRequest,
            sessions.send(openid_sessions_actor::UpdateSession(session.clone()))
                .await.unwrap();

+            let user: Option<User> = users.send(users_actor::GetUserRequest(session.user.clone()))
+                .await.unwrap().0;
+            let user = match user {
+                None => return Ok(error_response(&query, "invalid_request", "User not found!")),
+                Some(u) => u,
+            };

            // Generate id token
            let id_token = IdToken {
@ -328,6 +334,7 @@ pub async fn token(req: HttpRequest,
                issued_at: time(),
                auth_time: session.auth_time,
                nonce: session.nonce,
+                email: user.email,
            };

            TokenResponse {
--- a/src/data/id_token.rs
+++ b/src/data/id_token.rs
@ -23,11 +23,13 @@ pub struct IdToken {
    /// String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. If present in the ID Token, Clients MUST verify that the nonce Claim Value is equal to the value of the nonce parameter sent in the Authentication Request. If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. Authorization Servers SHOULD perform no other processing on nonce values used. The nonce value is a case sensitive string.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub nonce: Option<String>,
+    pub email: String,
 }

 #[derive(serde::Serialize, serde::Deserialize)]
 pub struct CustomIdTokenClaims {
    auth_time: u64,
+    email: String,
 }

 impl IdToken {
@ -42,7 +44,8 @@ impl IdToken {
            jwt_id: None,
            nonce: self.nonce,
            custom: CustomIdTokenClaims {
-                auth_time: self.auth_time
+                auth_time: self.auth_time,
+                email: self.email,
            },
        }
    }