From b573e1457579b4fb901f007cd86699e26d210e9e Mon Sep 17 00:00:00 2001
From: Emmanuel Gautier
Date: Mon, 19 Aug 2024 18:01:29 +0200
Subject: [PATCH] feat: add tokens top level claims
---
 .docker/hydra/hydra.yml | 1 +
 hydra-login-consent/routes/consent.go | 22 +++++++++++++++++++---
 hydra-login-consent/routes/login.go | 2 --
 hydra-login-consent/templates/consent.html | 6 +++---
 hydra-login-consent/templates/error.html | 2 +-
 5 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/.docker/hydra/hydra.yml b/.docker/hydra/hydra.yml
index d2635d7..b07baa6 100644
--- a/.docker/hydra/hydra.yml
+++ b/.docker/hydra/hydra.yml
@@ -53,6 +53,7 @@ oauth2:
 - family_name
 - name
 - email
+ - email_verified
 mirror_top_level_claims: false
 grant:
diff --git a/hydra-login-consent/routes/consent.go b/hydra-login-consent/routes/consent.go
index 90cf23d..add983d 100644
--- a/hydra-login-consent/routes/consent.go
+++ b/hydra-login-consent/routes/consent.go
@@ -15,6 +15,25 @@ func newAcceptConsentRequest(consentRequest *hydraClient.OAuth2ConsentRequest) *
 acceptConsentRequest.SetRememberFor(3600 * 12)
 acceptConsentRequest.SetGrantScope(consentRequest.GetRequestedScope())
 acceptConsentRequest.SetGrantAccessTokenAudience(consentRequest.GetRequestedAccessTokenAudience())
+
+ consentRequestContext, ok := consentRequest.GetContextOk()
+ if ok {
+ consentRequestContextMap := (*consentRequestContext).(map[string]interface{})
+ name := consentRequestContextMap["name"].(string)
+ email := consentRequestContextMap["email"].(string)
+ tokenClaims := map[string]interface{}{
+ "preferred_username": email,
+ "email": email,
+ "email_verified": true,
+ "name": name,
+ }
+
+ session := hydraClient.NewAcceptOAuth2ConsentRequestSession()
+ session.SetAccessToken(tokenClaims)
+ session.SetIdToken(tokenClaims)
+ acceptConsentRequest.SetSession(*session)
+ }
+
 return acceptConsentRequest
 }
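Review bot: `"email_verified": true` is asserted for every consent in the new claims block, but nothing in the hunk shows that the login step actually verified the address; relying parties commonly use this claim to auto-link accounts by email, so a hardcoded true lets whoever can log in with an unverified address be treated as the owner of that email at every client. The three type assertions on the login context (`(map[string]interface{})`, `["name"].(string)`, `["email"].(string)`) are also single-value, so a consent request whose context lacks either key or carries a non-string value panics the handler rather than failing cleanly. The same claims go into both the access token and the ID token regardless of which scopes were granted (`SetGrantScope` passes through everything requested and I see no `email`/`profile` check), which, unless Hydra filters session claims by scope — I am not certain it does — hands email and name to clients that never asked for them. I'd use the two-value assertion form, take `email_verified` from the context (false when the login handler did not record it) and gate the claims on the granted scopes; `newAcceptConsentRequest`'s signature sits just above the hunk.
```go
	consentRequestContext, ok := consentRequest.GetContextOk()
	if !ok {
		return acceptConsentRequest
	}
	consentRequestContextMap, ok := (*consentRequestContext).(map[string]interface{})
	if !ok {
		return acceptConsentRequest
	}
	name, _ := consentRequestContextMap["name"].(string)
	email, _ := consentRequestContextMap["email"].(string)
	// Only assert verification when the login step recorded it; never default to true.
	emailVerified, _ := consentRequestContextMap["email_verified"].(bool)
	tokenClaims := map[string]interface{}{
		"preferred_username": email,
		"email":              email,
		"email_verified":     emailVerified,
		"name":               name,
	}
	// … unchanged: session construction, SetAccessToken/SetIdToken, SetSession …
```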
@@ -35,8 +54,6 @@ func (h *Handler) Consent(c *gin.Context) {
 }
 if consentRequest.GetSkip() {
- fmt.Printf("Accepting consent request because it was skipped\n")
-
 acceptConsentRequest := newAcceptConsentRequest(consentRequest)
 acceptResp, r, err := h.hydraApi.OAuth2API.AcceptOAuth2ConsentRequest(c).ConsentChallenge(challenge).AcceptOAuth2ConsentRequest(*acceptConsentRequest).Execute()
 if err != nil {
@@ -76,7 +93,6 @@ func (h *Handler) Consent(c *gin.Context) {
 type PostConsentForm struct {
 Challenge string `form:"challenge" binding:"required"`
- // Scopes []string `form:"scopes" binding:"required"`
 }
 func (h *Handler) PostConsent(c *gin.Context) {
diff --git a/hydra-login-consent/routes/login.go b/hydra-login-consent/routes/login.go
index e77e8e5..5a5e98a 100644
--- a/hydra-login-consent/routes/login.go
+++ b/hydra-login-consent/routes/login.go
@@ -50,8 +50,6 @@ func (h *Handler) Login(c *gin.Context) {
 }
 if loginRequest.Skip {
- fmt.Printf("Accepting login request because it was skipped\n")
-
 acceptLoginRequest := newAcceptLoginRequest(loginRequest.GetSubject())
 acceptResp, r, err := h.hydraApi.OAuth2API.AcceptOAuth2LoginRequest(c).LoginChallenge(challenge).AcceptOAuth2LoginRequest(*acceptLoginRequest).Execute()
 if err != nil {
diff --git a/hydra-login-consent/templates/consent.html b/hydra-login-consent/templates/consent.html
index 224a992..5e96387 100644
--- a/hydra-login-consent/templates/consent.html
+++ b/hydra-login-consent/templates/consent.html
@@ -25,10 +25,10 @@

Authorize {{ .ClientName }}

-

+

Application {{ .ClientName }} is requesting the following permissions:

-