chore: fix
parent
ea796c15a5
commit
5ea8c49c5d
2 changed files with 18 additions and 25 deletions
|
@ -1,6 +1,5 @@
|
||||||
/* eslint-disable max-lines */
|
/* eslint-disable max-lines */
|
||||||
/* istanbul ignore file */
|
/* istanbul ignore file */
|
||||||
|
|
||||||
import assert from 'node:assert';
|
import assert from 'node:assert';
|
||||||
import { readFileSync } from 'node:fs';
|
import { readFileSync } from 'node:fs';
|
||||||
|
|
||||||
|
@ -14,7 +13,6 @@ import {
|
||||||
logtoCookieKey,
|
logtoCookieKey,
|
||||||
type LogtoUiCookie,
|
type LogtoUiCookie,
|
||||||
LogtoJwtTokenKey,
|
LogtoJwtTokenKey,
|
||||||
type CustomJwtFetcher,
|
|
||||||
} from '@logto/schemas';
|
} from '@logto/schemas';
|
||||||
import { conditional, trySafe, tryThat } from '@silverhand/essentials';
|
import { conditional, trySafe, tryThat } from '@silverhand/essentials';
|
||||||
import i18next from 'i18next';
|
import i18next from 'i18next';
|
||||||
|
@ -219,6 +217,12 @@ export default function initOidc(
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const isTokenClientCredentials = token instanceof ctx.oidc.provider.ClientCredentials;
|
const isTokenClientCredentials = token instanceof ctx.oidc.provider.ClientCredentials;
|
||||||
|
const pickedFields = isTokenClientCredentials
|
||||||
|
? ctx.oidc.provider.ClientCredentials.IN_PAYLOAD
|
||||||
|
: ctx.oidc.provider.AccessToken.IN_PAYLOAD;
|
||||||
|
const readOnlyToken = Object.fromEntries(
|
||||||
|
pickedFields.map((field) => [field, Reflect.get(token, field)])
|
||||||
|
);
|
||||||
|
|
||||||
const { script, envVars } =
|
const { script, envVars } =
|
||||||
(await trySafe(
|
(await trySafe(
|
||||||
|
@ -233,7 +237,6 @@ export default function initOidc(
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Wait for cloud API to be ready and we can use cloud connection client to request the API.
|
|
||||||
const client = await cloudConnection.getClient();
|
const client = await cloudConnection.getClient();
|
||||||
|
|
||||||
// We pass context to the cloud API only when it is a user's access token.
|
// We pass context to the cloud API only when it is a user's access token.
|
||||||
|
@ -242,27 +245,16 @@ export default function initOidc(
|
||||||
token.accountId &&
|
token.accountId &&
|
||||||
(await libraries.jwtCustomizers.getUserContext(token.accountId))
|
(await libraries.jwtCustomizers.getUserContext(token.accountId))
|
||||||
);
|
);
|
||||||
/**
|
|
||||||
* `token` and `context` can not be assigned to Record<string, Json> according to the type inference,
|
// `context` parameter is only eligible for user's access token for now.
|
||||||
* use request body guard to ensure the type.
|
return await client.post(`/api/services/custom-jwt`, {
|
||||||
*
|
body: {
|
||||||
* Use direct type casting to avoid the type inference issue since if the type is not correct the client
|
script,
|
||||||
* will throw an Zod type error, there is no need to implement the zod guard and error handling here.
|
envVars,
|
||||||
*/
|
token: readOnlyToken,
|
||||||
// eslint-disable-next-line no-restricted-syntax
|
...conditional(logtoUserInfo && { context: { user: logtoUserInfo } }),
|
||||||
const payload = {
|
},
|
||||||
script,
|
});
|
||||||
envVars,
|
|
||||||
token,
|
|
||||||
context: conditional(logtoUserInfo && { user: logtoUserInfo }),
|
|
||||||
} as unknown as CustomJwtFetcher;
|
|
||||||
return (
|
|
||||||
(await trySafe(
|
|
||||||
client.post(`/api/services/custom-jwt`, {
|
|
||||||
body: payload,
|
|
||||||
})
|
|
||||||
)) ?? {}
|
|
||||||
);
|
|
||||||
} catch {
|
} catch {
|
||||||
// TODO: Log the error
|
// TODO: Log the error
|
||||||
}
|
}
|
||||||
|
|
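Review bot: With the inner `trySafe(...) ?? {}` removed, a rejected `client.post` call to `/api/services/custom-jwt` now lands in the outer `catch`, which still holds only `// TODO: Log the error`, so the token is issued without its custom claims and nothing records why. If resource servers make authorization decisions on those claims, that silent fallback should be visible: log the error in the `catch` (message and status only, not `envVars` or the token payload) and state the intent with a comment such as `// Custom claims are best-effort: on failure the token is issued without them.` The failure path also appears to yield `undefined` where the old code returned `{}`; the enclosing callback in `initOidc` starts and ends outside these hunks, so confirm the caller accepts that. Picking only the `IN_PAYLOAD` fields into `readOnlyToken` is a sound reduction of what is sent to the cloud API.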
|
@ -1,3 +1,4 @@
|
||||||
|
import { jsonObjectGuard } from '@logto/connector-kit';
|
||||||
import { z } from 'zod';
|
import { z } from 'zod';
|
||||||
|
|
||||||
import { MfaFactor } from './sign-in-experience.js';
|
import { MfaFactor } from './sign-in-experience.js';
|
||||||
|
@ -56,7 +57,7 @@ export const roleNamesGuard = z.string().array();
|
||||||
|
|
||||||
export const identityGuard = z.object({
|
export const identityGuard = z.object({
|
||||||
userId: z.string(),
|
userId: z.string(),
|
||||||
details: z.record(z.unknown()).optional(), // Connector's userinfo details, schemaless
|
details: jsonObjectGuard.optional(), // Connector's userinfo details, schemaless
|
||||||
});
|
});
|
||||||
export const identitiesGuard = z.record(identityGuard);
|
export const identitiesGuard = z.record(identityGuard);
|
||||||
|
|
||||||
|
|
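Review bot: The trailing comment on `details` still says only "schemaless", but `jsonObjectGuard.optional()` now constrains the values, so the comment should say so, e.g. `// Connector's userinfo details: schemaless, but must be a JSON object`. Because `identityGuard` parses connector-supplied data, it is worth confirming that no connector returns details the stricter guard would refuse, since that would presumably fail validation of the whole identity. What exactly `jsonObjectGuard` accepts is not visible in this hunk.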