refactor(core): enable userinfo endpoint and resource scope consent (#187)

* refactor(core): enable userinfo endpoint and resource scope consent enable userinfo endpoint and resource scope consent * fix(core): cr fix add comment add comment for useGrantedResource settigns reference
2025-01-06 20:40:08 -05:00 · 2022-01-24 10:13:18 +08:00 · 2022-01-24 10:13:18 +08:00 · 93df7db2ca
commit 93df7db2ca
parent d78aa07f7e
2 changed files with 12 additions and 13 deletions
--- a/packages/core/src/oidc/init.ts
+++ b/packages/core/src/oidc/init.ts
@ -36,11 +36,15 @@ export default async function initOidc(app: Koa): Promise<Provider> {
      keys,
    },
    features: {
+      userinfo: { enabled: true },
      revocation: { enabled: true },
      introspection: { enabled: true },
      devInteractions: { enabled: false },
      resourceIndicators: {
        enabled: true,
+        // Disable the auto use of authorization_code granted resource feature
+        // https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#usegrantedresource
+        useGrantedResource: () => false,
        getResourceServerInfo: async (ctx, indicator) => {
          const resourceServer = await findResourceByIdentifier(indicator);

--- a/packages/core/src/routes/session.ts
+++ b/packages/core/src/routes/session.ts
@ -76,18 +76,6 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
    const { session, grantId, params, prompt } = interaction;
    assertThat(session, 'session.not_found');

-    const { scope } = object({
-      scope: string().optional(),
-    }).parse(params);
-
-    // LOG-49: Connect and check scope with resource indicators
-    const scopes = scope?.split(' ') ?? [];
-    const invalidScopes = scopes.filter((scope) => !['openid', 'offline_access'].includes(scope));
-    assertThat(invalidScopes.length === 0, 'oidc.invalid_scope', {
-      count: invalidScopes.length,
-      scopes: invalidScopes.join(', '),
-    });
-
    const { accountId } = session;
    const grant =
      conditional(grantId && (await provider.Grant.find(grantId))) ??
@ -96,13 +84,20 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
    // V2: fulfill missing claims / resources
    const PromptDetailsBody = object({
      missingOIDCScope: string().array().optional(),
+      missingResourceScopes: object({}).catchall(string().array()).optional(),
    });
-    const { missingOIDCScope } = PromptDetailsBody.parse(prompt.details);
+    const { missingOIDCScope, missingResourceScopes } = PromptDetailsBody.parse(prompt.details);

    if (missingOIDCScope) {
      grant.addOIDCScope(missingOIDCScope.join(' '));
    }

+    if (missingResourceScopes) {
+      for (const [indicator, scope] of Object.entries(missingResourceScopes)) {
+        grant.addResourceScope(indicator, scope.join(' '));
+      }
+    }
+
    const finalGrantId = await grant.save();

    // V2: configure consent