| author | mo khan <mo@mokhan.ca> | 2025-03-20 08:33:34 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-20 08:33:34 -0600 |
| commit | 136c4dfb645aff8a97e3c26fcc5b91ff9e32b3e7 (patch) | |
| tree | 49d014db9ac00add00ca0b90851cf7199ca34ead | |
| parent | 45937c020872bca92ad7d8209be6eb719ec8dd53 (diff) | |
feat: add id_token when scope includes oidc
| -rwxr-xr-x | bin/idp | 28 |
1 files changed, 22 insertions, 6 deletions
@@ -105,6 +105,15 @@ module Authn end def create_access_token + ::Authz::JWT.new( + sub: to_global_id.to_s, + auth_time: Time.now.to_i, + email: self[:email], + username: self[:username], + ) + end + + def create_id_token ::Authz::JWT.new(sub: to_global_id.to_s) end @@ -338,7 +347,9 @@ module Authz def initialize(claims) now = Time.now.to_i @claims = { + iss: "#{$scheme}://#{$host}", iat: now, + aud: "", nbf: now, jti: SecureRandom.uuid, exp: now + 3600, @@ -447,17 +458,18 @@ module Authz raise NotImplementedError end - def create!(user) - new(user).tap do |grant| + def create!(user, params = {}) + new(user, params).tap do |grant| all << grant end end end - attr_reader :code, :user + attr_reader :code, :user, :params - def initialize(user) + def initialize(user, params = {}) @user = user + @params = params @code = SecureRandom.uuid @exchanged_at = nil end @@ -485,7 +497,11 @@ module Authz issued_token_type: "urn:ietf:params:oauth:token-type:access_token", expires_in: 3600, refresh_token: SecureRandom.hex(32) - } + }.tap do |body| + if params['scope'].include?("openid") + body[:id_token] = user.create_id_token.to_jwt + end + end end end @@ -570,7 +586,7 @@ module Authz def post_authorize(request) params = request.params.slice('client_id', 'redirect_uri', 'response_type', 'response_mode', 'state', 'code_challenge_method', 'code_challenge', 'scope') - grant = AuthorizationGrant.create!(current_user(request)) + grant = AuthorizationGrant.create!(current_user(request), params) case params['response_type'] when 'code' case params['response_mode'] |
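Review bot: In the token-response hunk (`@@ -485`), `params['scope'].include?("openid")` raises NoMethodError whenever the authorize request carried no `scope` — it is optional in OAuth 2.0, `request.params.slice` in the `@@ -570` hunk simply omits the key, and the `params = {}` default added to `AuthorizationGrant.create!`/`initialize` in the `@@ -447` hunk yields the same nil — so a plain code-flow exchange fails instead of returning the access token. `String#include?` is also a substring test, so a scope value such as `openidx` would mint an id_token; splitting on whitespace gives the RFC 6749 scope-token semantics: `scopes = params.fetch('scope', '').to_s.split` and `body[:id_token] = user.create_id_token.to_jwt if scopes.include?('openid')`. Separately, the `@@ -338` hunk fixes `aud: ""`, so the id_token issued here has no audience and a conforming RP will reject it (OIDC Core requires `aud` to contain the client_id); since the grant now retains `params['client_id']`, passing it through to `create_id_token` looks like the missing piece, though the rest of `JWT#initialize` after `@claims = {` is outside the hunk so I can't confirm whether caller-supplied claims override the defaults. If `$host` is ultimately taken from the request's Host header, `iss` becomes caller-controlled as well — worth confirming where those globals are set. The enclosing methods and classes start and end outside the visible hunks.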
