From 136c4dfb645aff8a97e3c26fcc5b91ff9e32b3e7 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 20 Mar 2025 08:33:34 -0600
Subject: feat: add id_token when scope includes oidc

---
 bin/idp | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/bin/idp b/bin/idp
index fdc6ab7..18e117b 100755
--- a/bin/idp
+++ b/bin/idp
@@ -105,6 +105,15 @@ module Authn
 end
 def create_access_token
+ ::Authz::JWT.new(
+ sub: to_global_id.to_s,
+ auth_time: Time.now.to_i,
+ email: self[:email],
+ username: self[:username],
+ )
+ end
+
+ def create_id_token
 ::Authz::JWT.new(sub: to_global_id.to_s)
 end
@@ -338,7 +347,9 @@ module Authz
 def initialize(claims)
 now = Time.now.to_i
 @claims = {
+ iss: "#{$scheme}://#{$host}",
 iat: now,
+ aud: "",
 nbf: now,
 jti: SecureRandom.uuid,
 exp: now + 3600,
@@ -447,17 +458,18 @@ module Authz
 raise NotImplementedError
 end
- def create!(user)
- new(user).tap do |grant|
+ def create!(user, params = {})
+ new(user, params).tap do |grant|
 all << grant
 end
 end
 end
- attr_reader :code, :user
+ attr_reader :code, :user, :params
- def initialize(user)
+ def initialize(user, params = {})
 @user = user
+ @params = params
 @code = SecureRandom.uuid
 @exchanged_at = nil
 end
@@ -485,7 +497,11 @@ module Authz
 issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
 expires_in: 3600,
 refresh_token: SecureRandom.hex(32)
- }
+ }.tap do |body|
+ if params['scope'].include?("openid")
+ body[:id_token] = user.create_id_token.to_jwt
+ end
+ end
 end
 end
@@ -570,7 +586,7 @@ module Authz
 def post_authorize(request)
 params = request.params.slice('client_id', 'redirect_uri', 'response_type', 'response_mode', 'state', 'code_challenge_method', 'code_challenge', 'scope')
- grant = AuthorizationGrant.create!(current_user(request))
+ grant = AuthorizationGrant.create!(current_user(request), params)
 case params['response_type']
 when 'code'
 case params['response_mode']
-- 
cgit v1.2.3
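Review bot: `create_id_token` keeps the old one-claim body (`sub` only) while `create_access_token` gains `auth_time`, `email` and `username`, which looks reversed for OpenID Connect: `auth_time` and profile claims such as `email` are defined as ID token claims consumed by the client, whereas the access token is a bearer credential presented to resource servers. As written the ID token tells the client nothing beyond `sub`, and any resource server holding the access token also learns the user's email and username. Consider moving `auth_time:`, `email:` and `username:` into `create_id_token` (releasing `email` only when the `email` scope was granted) and keeping the access token minimal, with a header comment such as `# Claims for the OIDC ID token returned to the client; the access token stays opaque` to make the split explicit. Both methods are shown whole, but the enclosing class header is outside the hunk.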
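Review bot: `aud: ""` hard-codes an empty audience into every token this class mints, including the new ID token, and OIDC requires `aud` to contain the client_id the token was issued to; a relying party that validates `aud` will reject it, and one that tolerates an empty `aud` loses the check that stops a token issued to one client being accepted by another. Pass the audience in with the other claims rather than a placeholder, e.g. `aud: claims.fetch(:aud)`, with the caller supplying the grant's `client_id`; whether `claims` is merged over this hash later is outside the hunk, so confirm the precedence. The `iss` value is assembled from the globals `$scheme` and `$host`; where they are assigned is not visible, and if they are derived from the inbound request rather than fixed configuration the issuer becomes caller-influenced. `initialize`'s body continues past the hunk.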
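Review bot: `attr_reader :params` publishes the raw authorize-request slice on the grant without saying which keys it holds or that it is indexed by string key downstream (`params['scope']` in the token response hunk), and both `create!` and `initialize` default it to `{}`, under which that lookup yields `nil`. A short comment above the reader would help: `# params: string-keyed slice of the authorize request (client_id, redirect_uri, scope, ...) captured when the grant was created`. Consider also whether the `= {}` default is wanted at all, since every caller in this diff passes `params`. The class header is outside the hunk.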
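Review bot: `params['scope'].include?("openid")` is a substring test on a String, so a scope value such as `openid2` or `notopenid` also triggers ID-token issuance, and when no scope was stored (the `{}` default introduced in the `create!` and `initialize` hunk) it raises NoMethodError on `nil`. Scope is a space-delimited list, so tokenize before testing: `if params['scope'].to_s.split.include?('openid')`. The ID token is also minted with no audience or nonce, which is raised on the `Authz::JWT` and `post_authorize` hunks. The method whose response hash this `.tap` decorates starts before the hunk.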
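Review bot: The slice handed to `AuthorizationGrant.create!` omits `nonce`, so an ID token minted from this grant can never echo the nonce the client sent in its authorization request, and a relying party that binds the ID token to its session via nonce will reject it. Add it to the slice, `params = request.params.slice('client_id', 'redirect_uri', 'response_type', 'response_mode', 'state', 'code_challenge_method', 'code_challenge', 'scope', 'nonce')`, and thread it through to `create_id_token` so the claim is only present when the client supplied one. `post_authorize` continues past the hunk.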