mirror of https://github.com/logto-io/logto.git synced 2025-03-31 22:51:25 -05:00

refactor: try catch extraTokenClaims function to avoid breaking the auth process

Darcy Ye 2024-03-21 18:15:05 +08:00
parent 210bb298be
commit 8ea166ad2d
No known key found for this signature in database
GPG key ID: B46F4C07EDEFC610


@ -210,57 +210,61 @@ export default function initOidc(
},
extraParams: [OIDCExtraParametersKey.InteractionMode],
extraTokenClaims: async (ctx, token) => {
const { isDevFeaturesEnabled, isCloud } = EnvSet.values;
// No cloud connection for OSS version, skip.
if (!isDevFeaturesEnabled || !isCloud) {
return;
try {
const { isDevFeaturesEnabled, isCloud } = EnvSet.values;
// No cloud connection for OSS version, skip.
if (!isDevFeaturesEnabled || !isCloud) {
return;
}
const isTokenClientCredentials = token instanceof ctx.oidc.provider.ClientCredentials;
const { script, envVars } =
(await trySafe(
logtoConfigs.getJwtCustomizer(
isTokenClientCredentials
? LogtoJwtTokenKey.ClientCredentials
: LogtoJwtTokenKey.AccessToken
)
)) ?? {};
if (!script) {
return;
}
// Wait for cloud API to be ready and we can use cloud connection client to request the API.
const client = await cloudConnection.getClient();
// We pass context to the cloud API only when it is a user's access token.
const logtoUserInfo = conditional(
!isTokenClientCredentials &&
token.accountId &&
(await libraries.jwtCustomizers.getUserContext(token.accountId))
);
/**
* `token` and `context` can not be assigned to Record<string, Json> according to the type inference,
* use request body guard to ensure the type.
*
* Use direct type casting to avoid the type inference issue since if the type is not correct the client
* will throw an Zod type error, there is no need to implement the zod guard and error handling here.
*/
// eslint-disable-next-line no-restricted-syntax
const payload = {
script,
envVars,
token,
context: conditional(logtoUserInfo && { user: logtoUserInfo }),
} as unknown as CustomJwtFetcher;
return (
(await trySafe(
client.post(`/api/services/custom-jwt`, {
body: payload,
})
)) ?? {}
);
} catch {
// TODO: Log the error
}
const isTokenClientCredentials = token instanceof ctx.oidc.provider.ClientCredentials;
const { script, envVars } =
(await trySafe(
logtoConfigs.getJwtCustomizer(
isTokenClientCredentials
? LogtoJwtTokenKey.ClientCredentials
: LogtoJwtTokenKey.AccessToken
)
)) ?? {};
if (!script) {
return;
}
// Wait for cloud API to be ready and we can use cloud connection client to request the API.
const client = await cloudConnection.getClient();
// We pass context to the cloud API only when it is a user's access token.
const logtoUserInfo = conditional(
!isTokenClientCredentials &&
token.accountId &&
(await libraries.jwtCustomizers.getUserContext(token.accountId))
);
/**
* `token` and `context` can not be assigned to Record<string, Json> according to the type inference,
* use request body guard to ensure the type.
*
* Use direct type casting to avoid the type inference issue since if the type is not correct the client
* will throw an Zod type error, there is no need to implement the zod guard and error handling here.
*/
// eslint-disable-next-line no-restricted-syntax
const payload = {
script,
envVars,
token,
context: conditional(logtoUserInfo && { user: logtoUserInfo }),
} as unknown as CustomJwtFetcher;
return (
(await trySafe(
client.post(`/api/services/custom-jwt`, {
body: payload,
})
)) ?? {}
);
},
extraClientMetadata: {
properties: Object.values(CustomClientMetadataKey),
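Review bot: The new `catch` that closes the `extraTokenClaims` callback is empty apart from `// TODO: Log the error`, so a failure in `cloudConnection.getClient()` or `libraries.jwtCustomizers.getUserContext(token.accountId)` now produces a token without the custom claims and leaves no trace. That is a fail-open choice: if a customizer script adds claims that resource servers rely on for authorization, they will receive a validly signed token that lacks them, and operators get no signal that this happened. Bind the error with `} catch (error: unknown) {` and record it through whatever logger this file already uses (not visible in the hunk), logging the token kind but never the token or `envVars`. Add a comment such as `// Intentional: issue the token without custom claims if the customizer fails` so the behaviour is a documented decision. The two `trySafe(...) ?? {}` calls inside the block discard errors in the same way and would benefit from the same logging.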