
refactor(core): enable userinfo endpoint and resource scope consent (#187)

* refactor(core): enable userinfo endpoint and resource scope consent

enable userinfo endpoint and resource scope consent

* fix(core): cr fix add comment

add comment for useGrantedResource settings reference
This commit is contained in:
simeng-li 2022-01-24 10:13:18 +08:00 committed by GitHub
parent d78aa07f7e
commit 93df7db2ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 13 deletions


@ -36,11 +36,15 @@ export default async function initOidc(app: Koa): Promise<Provider> {
keys,
},
features: {
userinfo: { enabled: true },
revocation: { enabled: true },
introspection: { enabled: true },
devInteractions: { enabled: false },
resourceIndicators: {
enabled: true,
// Disable the auto use of authorization_code granted resource feature
// https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#usegrantedresource
useGrantedResource: () => false,
getResourceServerInfo: async (ctx, indicator) => {
const resourceServer = await findResourceByIdentifier(indicator);
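Review bot: The new `useGrantedResource: () => false` line is documented only by what it switches off; the comment should also state the consequence callers will hit, which (if I read the linked doc correctly) is that a token request omitting `resource` no longer inherits the resource granted at authorization, so clients must pass `resource` explicitly on every token call. Suggested wording: `// Disable auto-use of the authorization_code granted resource: clients must send an explicit resource parameter on token requests.`. The `getResourceServerInfo` resolver continues outside the hunk, so I cannot see how an unknown `indicator` is handled; if `findResourceByIdentifier` can return nothing, the resolver should throw rather than return a partial object, since a returned value is treated as a valid resource server.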


@ -76,18 +76,6 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
const { session, grantId, params, prompt } = interaction;
assertThat(session, 'session.not_found');
const { scope } = object({
scope: string().optional(),
}).parse(params);
// LOG-49: Connect and check scope with resource indicators
const scopes = scope?.split(' ') ?? [];
const invalidScopes = scopes.filter((scope) => !['openid', 'offline_access'].includes(scope));
assertThat(invalidScopes.length === 0, 'oidc.invalid_scope', {
count: invalidScopes.length,
scopes: invalidScopes.join(', '),
});
const { accountId } = session;
const grant =
conditional(grantId && (await provider.Grant.find(grantId))) ??
@ -96,13 +84,20 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
// V2: fulfill missing claims / resources
const PromptDetailsBody = object({
missingOIDCScope: string().array().optional(),
missingResourceScopes: object({}).catchall(string().array()).optional(),
});
const { missingOIDCScope } = PromptDetailsBody.parse(prompt.details);
const { missingOIDCScope, missingResourceScopes } = PromptDetailsBody.parse(prompt.details);
if (missingOIDCScope) {
grant.addOIDCScope(missingOIDCScope.join(' '));
}
if (missingResourceScopes) {
for (const [indicator, scope] of Object.entries(missingResourceScopes)) {
grant.addResourceScope(indicator, scope.join(' '));
}
}
const finalGrantId = await grant.save();
// V2: configure consent
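Review bot: The loop ending in `grant.addResourceScope(indicator, scope.join(' '))` adds every entry of `missingResourceScopes` exactly as the prompt reports it, and the earlier hunk in this file (`-76,18 +76,6`) removes the only scope validation the route had, so the consent step now trusts the requested scope string from request to grant. Unless the provider intersects the grant with the scopes returned by `getResourceServerInfo` at token issuance, a client can be granted resource scopes the resource never defined; either confirm that with a comment or check each `indicator`/`scope` pair against `findResourceByIdentifier` before adding it. The `object({}).catchall(string().array())` schema accepts any key, which matches what the provider emits but asserts nothing about indicators, and a one-line comment saying so would prevent a later reader from assuming it validates them. The route handler continues outside the hunk.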