Merge pull request #16 from cerberauth/add-tokens-claims

feat: add tokens top level claims
cerberauth · Aug 19, 2024 · 77b7aef · 77b7aef
2 parents b5d36ec + b573e14
commit 77b7aef
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 9 deletions.
diff --git a/.docker/hydra/hydra.yml b/.docker/hydra/hydra.yml
@@ -53,6 +53,7 @@ oauth2:
     - family_name
     - name
     - email
+    - email_verified
   mirror_top_level_claims: false
 
   grant:

diff --git a/hydra-login-consent/routes/consent.go b/hydra-login-consent/routes/consent.go
@@ -15,6 +15,25 @@ func newAcceptConsentRequest(consentRequest *hydraClient.OAuth2ConsentRequest) *
 	acceptConsentRequest.SetRememberFor(3600 * 12)
 	acceptConsentRequest.SetGrantScope(consentRequest.GetRequestedScope())
 	acceptConsentRequest.SetGrantAccessTokenAudience(consentRequest.GetRequestedAccessTokenAudience())
+
+	consentRequestContext, ok := consentRequest.GetContextOk()
+	if ok {
+		consentRequestContextMap := (*consentRequestContext).(map[string]interface{})
+		name := consentRequestContextMap["name"].(string)
+		email := consentRequestContextMap["email"].(string)
+		tokenClaims := map[string]interface{}{
+			"preferred_username": email,
+			"email":              email,
+			"email_verified":     true,
+			"name":               name,
+		}
+
+		session := hydraClient.NewAcceptOAuth2ConsentRequestSession()
+		session.SetAccessToken(tokenClaims)
+		session.SetIdToken(tokenClaims)
+		acceptConsentRequest.SetSession(*session)
+	}
+
 	return acceptConsentRequest
 }
 
@@ -35,8 +54,6 @@ func (h *Handler) Consent(c *gin.Context) {
 	}
 
 	if consentRequest.GetSkip() {
-		fmt.Printf("Accepting consent request because it was skipped\n")
-
 		acceptConsentRequest := newAcceptConsentRequest(consentRequest)
 		acceptResp, r, err := h.hydraApi.OAuth2API.AcceptOAuth2ConsentRequest(c).ConsentChallenge(challenge).AcceptOAuth2ConsentRequest(*acceptConsentRequest).Execute()
 		if err != nil {
@@ -76,7 +93,6 @@ func (h *Handler) Consent(c *gin.Context) {
 
 type PostConsentForm struct {
 	Challenge string `form:"challenge" binding:"required"`
-	// Scopes    []string `form:"scopes" binding:"required"`
 }
 
 func (h *Handler) PostConsent(c *gin.Context) {

diff --git a/hydra-login-consent/routes/login.go b/hydra-login-consent/routes/login.go
@@ -50,8 +50,6 @@ func (h *Handler) Login(c *gin.Context) {
 	}
 
 	if loginRequest.Skip {
-		fmt.Printf("Accepting login request because it was skipped\n")
-
 		acceptLoginRequest := newAcceptLoginRequest(loginRequest.GetSubject())
 		acceptResp, r, err := h.hydraApi.OAuth2API.AcceptOAuth2LoginRequest(c).LoginChallenge(challenge).AcceptOAuth2LoginRequest(*acceptLoginRequest).Execute()
 		if err != nil {

diff --git a/hydra-login-consent/templates/consent.html b/hydra-login-consent/templates/consent.html
@@ -25,10 +25,10 @@
                 <h1 class="text-2xl font-bold text-center text-gray-900">Authorize {{ .ClientName }}</h1>
                 <input type="hidden" name="challenge" value="{{ .Challenge }}">
 
-                <p class="text-sm text-center text-gray-500">
+                <p class="text-gray-600">
                     Application {{ .ClientName }} is requesting the following permissions:
                 </p>
-                <ul class="list-disc list-inside text-sm text-gray-500">
+                <ul class="list-disc list-inside text-gray-600">
                     {{ range .RequestedScope }}
                     <li>{{ . }}</li>
                     {{ end }}
@@ -44,7 +44,7 @@ <h1 class="text-2xl font-bold text-center text-gray-900">Authorize {{ .ClientNam
                     </button> -->
                 </div>
                 {{ if or .PolicyUri .TosUri }}
-                <div class="flex justify-center space-x-2 text-sm text-gray-500">
+                <div class="flex justify-center space-x-2 text-sm text-gray-600">
                     {{ if .PolicyUri }}
                     <a class="underline" href="{{ .PolicyUri }}">
                         Privacy Policy

diff --git a/hydra-login-consent/templates/error.html b/hydra-login-consent/templates/error.html
@@ -16,7 +16,7 @@
     <div class="flex flex-col items-center justify-center min-h-screen bg-gray-50">
         <div class="w-full max-w-md p-8 space-y-6 bg-white rounded-lg shadow-md">
             <h1 class="text-2xl font-bold text-center text-gray-900">Error ({{ .ErrorTitle }})</h1>
-            <p class="text-sm text-center text-gray-500">{{ .ErrorDescription }}</p>
+            <p class="text-sm text-center text-gray-600">{{ .ErrorDescription }}</p>
             <!-- <div class="flex flex-col space-y-4">
                 <a href="{{ .RedirectUri }}"
                     class="inline-flex items-center justify-center whitespace-nowrap rounded-md text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50 bg-zinc-900 text-zinc-50 hover:bg-zinc-800 h-10 px-4 py-2 w-full">
-Original file line number
+Diff line change
@@ Expand Up / @@ -53,6 +53,7 @@ oauth2: @@
         - family_name
         - name
         - email
+        - email_verified
       mirror_top_level_claims: false
       grant:
@@ Expand Down @@