lavender/server/id_token.go

package server

import (
	"github.com/1f349/lavender/database"
	"github.com/1f349/mjwt"
	"github.com/go-oauth2/oauth2/v4"
	"github.com/go-oauth2/oauth2/v4/server"
	"github.com/golang-jwt/jwt/v4"
	"strings"
)

func addIdTokenSupport(srv *server.Server, db *database.DB, key mjwt.Signer) {
	srv.SetExtensionFieldsHandler(func(ti oauth2.TokenInfo) (fieldsValue map[string]interface{}) {
		scope := ti.GetScope()
		if containsScope(scope, "openid") {
			idToken, err := generateIDToken(ti, db, key)
			if err != nil {
				return
			}
			fieldsValue = map[string]interface{}{}
			fieldsValue["id_token"] = idToken
		}
		return
	})
}

// IdTokenClaims contains the JWT claims for an access token
type IdTokenClaims struct {
	Subject string `json:"subject"`
}

func (a IdTokenClaims) Valid() error { return nil }
func (a IdTokenClaims) Type() string { return "id-token" }

func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) {
	tx, err := us.Begin()
	if err != nil {
		return "", err
	}
	user, err := tx.GetUser(ti.GetUserID())
	if err != nil {
		return "", err
	}
	tx.Rollback()

	token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Sub})
	return
}

func containsScope(scopes, s string) bool {
	_scopes := strings.Split(scopes, " ")
	for _, _s := range _scopes {
		if _s == s {
			return true
		}
	}
	return false
}
Add ID token support 2024-02-15 12:41:39 +00:00			`package server`

			`import (`
			`"github.com/1f349/lavender/database"`
			`"github.com/1f349/mjwt"`
			`"github.com/go-oauth2/oauth2/v4"`
			`"github.com/go-oauth2/oauth2/v4/server"`
			`"github.com/golang-jwt/jwt/v4"`
			`"strings"`
			`)`

			`func addIdTokenSupport(srv server.Server, db database.DB, key mjwt.Signer) {`
			`srv.SetExtensionFieldsHandler(func(ti oauth2.TokenInfo) (fieldsValue map[string]interface{}) {`
			`scope := ti.GetScope()`
			`if containsScope(scope, "openid") {`
			`idToken, err := generateIDToken(ti, db, key)`
			`if err != nil {`
			`return`
			`}`
			`fieldsValue = map[string]interface{}{}`
			`fieldsValue["id_token"] = idToken`
			`}`
			`return`
			`})`
			`}`

			`// IdTokenClaims contains the JWT claims for an access token`
Use SameSiteLaxMode 2024-02-15 14:44:58 +00:00			`type IdTokenClaims struct {`
			Subject string `json:"subject"`
			`}`
Add ID token support 2024-02-15 12:41:39 +00:00
			`func (a IdTokenClaims) Valid() error { return nil }`
Use SameSiteLaxMode 2024-02-15 14:44:58 +00:00			`func (a IdTokenClaims) Type() string { return "id-token" }`
Add ID token support 2024-02-15 12:41:39 +00:00
			`func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) {`
			`tx, err := us.Begin()`
			`if err != nil {`
			`return "", err`
			`}`
			`user, err := tx.GetUser(ti.GetUserID())`
			`if err != nil {`
			`return "", err`
			`}`
Make sure to rollback as no new data is committed 2024-02-15 12:59:18 +00:00			`tx.Rollback()`
Add ID token support 2024-02-15 12:41:39 +00:00
Use SameSiteLaxMode 2024-02-15 14:44:58 +00:00			`token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Sub})`
Add ID token support 2024-02-15 12:41:39 +00:00			`return`
			`}`

			`func containsScope(scopes, s string) bool {`
			`_scopes := strings.Split(scopes, " ")`
			`for _, _s := range _scopes {`
			`if _s == s {`
			`return true`
			`}`
			`}`
			`return false`
			`}`