Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-27 21:39:16 -05:00
Code Issues Activity

refactor(core): enable userinfo endpoint and resource scope consent (#187)

Browse source 
* refactor(core): enable userinfo endpoint and resource scope consent

enable userinfo endpoint and resource scope consent

* fix(core): cr fix add comment

add comment for useGrantedResource settigns reference
This commit is contained in:
simeng-li 2022-01-24 10:13:18 +08:00 committed by GitHub
parent d78aa07f7e
commit 93df7db2ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/core/src/oidc/init.ts
View file

@ -36,11 +36,15 @@ export default async function initOidc(app: Koa): Promise<Provider> {
keys, keys,
}, },
features: { features: {
userinfo: { enabled: true },
revocation: { enabled: true }, revocation: { enabled: true },
introspection: { enabled: true }, introspection: { enabled: true },
devInteractions: { enabled: false }, devInteractions: { enabled: false },
resourceIndicators: { resourceIndicators: {
enabled: true, enabled: true,
// Disable the auto use of authorization_code granted resource feature
// https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#usegrantedresource
useGrantedResource: () => false,
getResourceServerInfo: async (ctx, indicator) => { getResourceServerInfo: async (ctx, indicator) => {
const resourceServer = await findResourceByIdentifier(indicator); const resourceServer = await findResourceByIdentifier(indicator);

21
packages/core/src/routes/session.ts
View file

@ -76,18 +76,6 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
const { session, grantId, params, prompt } = interaction; const { session, grantId, params, prompt } = interaction;
assertThat(session, 'session.not_found'); assertThat(session, 'session.not_found');
const { scope } = object({
scope: string().optional(),
}).parse(params);
// LOG-49: Connect and check scope with resource indicators
const scopes = scope?.split(' ') ?? [];
const invalidScopes = scopes.filter((scope) => !['openid', 'offline_access'].includes(scope));
assertThat(invalidScopes.length === 0, 'oidc.invalid_scope', {
count: invalidScopes.length,
scopes: invalidScopes.join(', '),
});
const { accountId } = session; const { accountId } = session;
const grant = const grant =
conditional(grantId && (await provider.Grant.find(grantId))) ?? conditional(grantId && (await provider.Grant.find(grantId))) ??
@ -96,13 +84,20 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
// V2: fulfill missing claims / resources // V2: fulfill missing claims / resources
const PromptDetailsBody = object({ const PromptDetailsBody = object({
missingOIDCScope: string().array().optional(), missingOIDCScope: string().array().optional(),
missingResourceScopes: object({}).catchall(string().array()).optional(),
}); });
const { missingOIDCScope } = PromptDetailsBody.parse(prompt.details); const { missingOIDCScope, missingResourceScopes } = PromptDetailsBody.parse(prompt.details);
if (missingOIDCScope) { if (missingOIDCScope) {
grant.addOIDCScope(missingOIDCScope.join(' ')); grant.addOIDCScope(missingOIDCScope.join(' '));
} }
if (missingResourceScopes) {
for (const [indicator, scope] of Object.entries(missingResourceScopes)) {
grant.addResourceScope(indicator, scope.join(' '));
}
}
const finalGrantId = await grant.save(); const finalGrantId = await grant.save();
// V2: configure consent // V2: configure consent