
feat(core): set claims for profile scope (#1013)

Gao Sun 2022-06-01 15:00:10 +08:00 committed by GitHub
parent 28e09b6994
commit 7781d49667
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -5,6 +5,7 @@ import { exportJWK } from 'jose';
import Koa from 'koa'; import Koa from 'koa';
import mount from 'koa-mount'; import mount from 'koa-mount';
import { Provider, errors } from 'oidc-provider'; import { Provider, errors } from 'oidc-provider';
import snakecaseKeys from 'snakecase-keys';
import envSet from '@/env-set'; import envSet from '@/env-set';
import postgresAdapter from '@/oidc/adapter'; import postgresAdapter from '@/oidc/adapter';
@ -26,7 +27,7 @@ export default async function initOidc(app: Koa): Promise<Provider> {
} as const); } as const);
const oidc = new Provider(issuer, { const oidc = new Provider(issuer, {
adapter: postgresAdapter, adapter: postgresAdapter,
renderError: (ctx, out, error) => { renderError: (_ctx, _out, error) => {
console.log('OIDC error', error); console.log('OIDC error', error);
throw error; throw error;
}, },
@ -85,18 +86,25 @@ export default async function initOidc(app: Koa): Promise<Provider> {
// https://github.com/panva/node-oidc-provider/blob/main/recipes/client_based_origins.md // https://github.com/panva/node-oidc-provider/blob/main/recipes/client_based_origins.md
clientBasedCORS: (ctx, origin, client) => clientBasedCORS: (ctx, origin, client) =>
ctx.request.origin === origin || isOriginAllowed(origin, client.metadata()), ctx.request.origin === origin || isOriginAllowed(origin, client.metadata()),
findAccount: async (ctx, sub) => { // https://github.com/panva/node-oidc-provider/blob/main/recipes/claim_configuration.md
await findUserById(sub); claims: {
profile: ['username', 'name', 'avatar', 'roles'],
},
// https://github.com/panva/node-oidc-provider/tree/main/docs#findaccount
findAccount: async (_ctx, sub) => {
const { username, name, avatar, roleNames, customData } = await findUserById(sub);
return { return {
accountId: sub, accountId: sub,
claims: async (use, scope, claims, rejected) => { claims: async (use) => {
console.log('use:', use); return snakecaseKeys({
console.log('scope:', scope); sub,
console.log('claims:', claims); username,
console.log('rejected:', rejected); name,
avatar,
return { sub }; roles: roleNames,
...(use === 'userinfo' && { customData }),
});
}, },
}; };
}, },
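Review bot: The `snakecaseKeys` call in the new `claims` callback converts the whole object, and snakecase-keys recurses into nested objects by default, so when `customData` is spread in for `userinfo` its user-defined keys are rewritten as well (a stored `{ fooBar: 1 }` would come back as `{ foo_bar: 1 }`), which looks unintended for an opaque per-user blob; limiting the conversion to the top level, `return snakecaseKeys({ ... }, { deep: false });`, keeps `custom_data` as the claim name while leaving its contents untouched. Note also that `customData` is not listed under the new `claims` map (only `profile: ['username', 'name', 'avatar', 'roles']`), so whether the provider ever includes it in the userinfo response depends on its scope-based claim masking and is worth confirming against the linked claim_configuration recipe. Finally, `findAccount` now destructures the result of `findUserById(sub)` directly; if that helper throws for an unknown user rather than returning `undefined`, a session whose user has since been removed will surface as a 500 instead of the provider's normal "account not found" handling, so a `try`/`catch` returning `undefined` (or a check on the result) may be needed there. The enclosing `initOidc` function starts before and ends after this hunk.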
@ -104,18 +112,18 @@ export default async function initOidc(app: Koa): Promise<Provider> {
/** /**
* [OIDC Provider Default Settings](https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#ttl) * [OIDC Provider Default Settings](https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#ttl)
*/ */
IdToken: (ctx, token, client) => { IdToken: (_ctx, _token, client) => {
const { idTokenTtl } = client.metadata(); const { idTokenTtl } = client.metadata();
return idTokenTtl ?? defaultIdTokenTtl; return idTokenTtl ?? defaultIdTokenTtl;
}, },
RefreshToken: (ctx, token, client) => { RefreshToken: (_ctx, _token, client) => {
const { refreshTokenTtl } = client.metadata(); const { refreshTokenTtl } = client.metadata();
return refreshTokenTtl ?? defaultRefreshTokenTtl; return refreshTokenTtl ?? defaultRefreshTokenTtl;
}, },
}, },
extraTokenClaims: async (ctx, token) => { extraTokenClaims: async (_ctx, token) => {
// AccessToken type is not exported by default, need to asset token is AccessToken // AccessToken type is not exported by default, need to asset token is AccessToken
if (token.kind === 'AccessToken') { if (token.kind === 'AccessToken') {
const { accountId } = token; const { accountId } = token;