mirror of
https://github.com/logto-io/logto.git
synced 2025-01-20 21:32:31 -05:00
refactor(core): enable userinfo endpoint and resource scope consent (#187)
* refactor(core): enable userinfo endpoint and resource scope consent enable userinfo endpoint and resource scope consent * fix(core): cr fix add comment add comment for useGrantedResource settigns reference
This commit is contained in:
parent
d78aa07f7e
commit
93df7db2ca
2 changed files with 12 additions and 13 deletions
|
@ -36,11 +36,15 @@ export default async function initOidc(app: Koa): Promise<Provider> {
|
|||
keys,
|
||||
},
|
||||
features: {
|
||||
userinfo: { enabled: true },
|
||||
revocation: { enabled: true },
|
||||
introspection: { enabled: true },
|
||||
devInteractions: { enabled: false },
|
||||
resourceIndicators: {
|
||||
enabled: true,
|
||||
// Disable the auto use of authorization_code granted resource feature
|
||||
// https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#usegrantedresource
|
||||
useGrantedResource: () => false,
|
||||
getResourceServerInfo: async (ctx, indicator) => {
|
||||
const resourceServer = await findResourceByIdentifier(indicator);
|
||||
|
||||
|
|
|
@ -76,18 +76,6 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
|
|||
const { session, grantId, params, prompt } = interaction;
|
||||
assertThat(session, 'session.not_found');
|
||||
|
||||
const { scope } = object({
|
||||
scope: string().optional(),
|
||||
}).parse(params);
|
||||
|
||||
// LOG-49: Connect and check scope with resource indicators
|
||||
const scopes = scope?.split(' ') ?? [];
|
||||
const invalidScopes = scopes.filter((scope) => !['openid', 'offline_access'].includes(scope));
|
||||
assertThat(invalidScopes.length === 0, 'oidc.invalid_scope', {
|
||||
count: invalidScopes.length,
|
||||
scopes: invalidScopes.join(', '),
|
||||
});
|
||||
|
||||
const { accountId } = session;
|
||||
const grant =
|
||||
conditional(grantId && (await provider.Grant.find(grantId))) ??
|
||||
|
@ -96,13 +84,20 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
|
|||
// V2: fulfill missing claims / resources
|
||||
const PromptDetailsBody = object({
|
||||
missingOIDCScope: string().array().optional(),
|
||||
missingResourceScopes: object({}).catchall(string().array()).optional(),
|
||||
});
|
||||
const { missingOIDCScope } = PromptDetailsBody.parse(prompt.details);
|
||||
const { missingOIDCScope, missingResourceScopes } = PromptDetailsBody.parse(prompt.details);
|
||||
|
||||
if (missingOIDCScope) {
|
||||
grant.addOIDCScope(missingOIDCScope.join(' '));
|
||||
}
|
||||
|
||||
if (missingResourceScopes) {
|
||||
for (const [indicator, scope] of Object.entries(missingResourceScopes)) {
|
||||
grant.addResourceScope(indicator, scope.join(' '));
|
||||
}
|
||||
}
|
||||
|
||||
const finalGrantId = await grant.save();
|
||||
|
||||
// V2: configure consent
|
||||
|
|
Loading…
Add table
Reference in a new issue