Add email to id_token

Pierre HUBERT 2022-04-15 20:34:07 +02:00
parent 03a4bbb580
commit 937343c5f9
2 changed files with 12 additions and 2 deletions


@ -216,8 +216,8 @@ pub async fn token(req: HttpRequest,
clients: web::Data<ClientManager>, clients: web::Data<ClientManager>,
app_config: web::Data<AppConfig>, app_config: web::Data<AppConfig>,
sessions: web::Data<Addr<OpenIDSessionsActor>>, sessions: web::Data<Addr<OpenIDSessionsActor>>,
users: web::Data<Addr<UsersActor>>,
jwt_signer: web::Data<JWTSigner>) -> actix_web::Result<HttpResponse> { jwt_signer: web::Data<JWTSigner>) -> actix_web::Result<HttpResponse> {
// TODO : check auth challenge : https://oa.dnc.global/-fr-.html?page=unarticle&id_article=148&lang=fr
// Extraction authentication information // Extraction authentication information
let authorization_header = req.headers().get("authorization"); let authorization_header = req.headers().get("authorization");
@ -318,6 +318,12 @@ pub async fn token(req: HttpRequest,
sessions.send(openid_sessions_actor::UpdateSession(session.clone())) sessions.send(openid_sessions_actor::UpdateSession(session.clone()))
.await.unwrap(); .await.unwrap();
let user: Option<User> = users.send(users_actor::GetUserRequest(session.user.clone()))
.await.unwrap().0;
let user = match user {
None => return Ok(error_response(&query, "invalid_request", "User not found!")),
Some(u) => u,
};
// Generate id token // Generate id token
let id_token = IdToken { let id_token = IdToken {
@ -328,6 +334,7 @@ pub async fn token(req: HttpRequest,
issued_at: time(), issued_at: time(),
auth_time: session.auth_time, auth_time: session.auth_time,
nonce: session.nonce, nonce: session.nonce,
email: user.email,
}; };
TokenResponse { TokenResponse {
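Review bot: `email: user.email` in the `IdToken` literal releases the address to every client that completes the token exchange, with no visible check that the session was granted the `email` scope. In OpenID Connect the `email` claim is normally released only when that scope was requested, so consider making the claim optional (`pub email: Option<String>` with the same `skip_serializing_if` attribute as `nonce`) and filling it only when the scope is present on the session. The new user lookup also runs after `UpdateSession` has been sent, so a session whose user no longer exists is still updated before the error is returned; moving the lookup above that call avoids this, and `invalid_grant` describes the case better than `invalid_request`. The body of `token` starts and ends outside these hunks, so scope handling may exist in lines not shown.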


@ -23,11 +23,13 @@ pub struct IdToken {
/// String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. If present in the ID Token, Clients MUST verify that the nonce Claim Value is equal to the value of the nonce parameter sent in the Authentication Request. If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. Authorization Servers SHOULD perform no other processing on nonce values used. The nonce value is a case sensitive string. /// String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. If present in the ID Token, Clients MUST verify that the nonce Claim Value is equal to the value of the nonce parameter sent in the Authentication Request. If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. Authorization Servers SHOULD perform no other processing on nonce values used. The nonce value is a case sensitive string.
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub nonce: Option<String>, pub nonce: Option<String>,
pub email: String,
} }
#[derive(serde::Serialize, serde::Deserialize)] #[derive(serde::Serialize, serde::Deserialize)]
pub struct CustomIdTokenClaims { pub struct CustomIdTokenClaims {
auth_time: u64, auth_time: u64,
email: String,
} }
impl IdToken { impl IdToken {
@ -42,7 +44,8 @@ impl IdToken {
jwt_id: None, jwt_id: None,
nonce: self.nonce, nonce: self.nonce,
custom: CustomIdTokenClaims { custom: CustomIdTokenClaims {
auth_time: self.auth_time auth_time: self.auth_time,
email: self.email,
}, },
} }
} }
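Review bot: The new `email` fields on `IdToken` and `CustomIdTokenClaims` are emitted without an accompanying `email_verified` claim, so a relying party cannot tell whether the address was ever confirmed and may wrongly treat an unverified address as an identity key. If the user record tracks verification, add `email_verified: bool` next to `email` in `CustomIdTokenClaims`; if it does not, state that in a doc comment. `pub email: String` in `IdToken` has no `///` comment, unlike `nonce` above it; `/// End-User's e-mail address (OpenID Connect email claim); not guaranteed to be verified.` would match the existing style. Because `CustomIdTokenClaims` derives `Deserialize` with a required `email`, any code that decodes tokens issued before this change would presumably fail, so it is worth confirming that nothing does.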