TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: return authorizations on userinfo (#420)

Browse Source
This commit is contained in:
Livio Amstutz
2020-07-09 14:05:12 +02:00
committed by GitHub
parent 7cf13a646d
commit 8efa697af2
10 changed files with 54 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
internal/api/oidc/auth_request.go
View File

@@ -2,6 +2,7 @@ package oidc
import (
"context"
"fmt"
"time"
"github.com/caos/oidc/pkg/oidc"
@@ -10,6 +11,7 @@ import (
"github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/errors"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
)
func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (op.AuthRequest, error) {
@@ -54,13 +56,29 @@ func (o *OPStorage) CreateToken(ctx context.Context, authReq op.AuthRequest) (st
if err != nil {
return "", time.Time{}, err
}
resp, err := o.repo.CreateToken(ctx, req.AgentID, req.ApplicationID, req.UserID, req.Audience, req.Request.(*model.AuthRequestOIDC).Scopes, o.defaultAccessTokenLifetime) //PLANNED: lifetime from client
app, err := o.repo.ApplicationByClientID(ctx, req.ApplicationID)
if err != nil {
return "", time.Time{}, err
}
grants, err := o.repo.UserGrantsByProjectAndUserID(app.ProjectID, req.UserID)
scopes := append(req.Request.(*model.AuthRequestOIDC).Scopes, grantsToScopes(grants)...)
resp, err := o.repo.CreateToken(ctx, req.AgentID, req.ApplicationID, req.UserID, req.Audience, scopes, o.defaultAccessTokenLifetime) //PLANNED: lifetime from client
if err != nil {
return "", time.Time{}, err
}
return resp.ID, resp.Expiration, nil
}
func grantsToScopes(grants []*grant_model.UserGrantView) []string {
scopes := make([]string, 0)
for _, grant := range grants {
for _, role := range grant.RoleKeys {
scopes = append(scopes, fmt.Sprintf("%v:%v", grant.ResourceOwner, role))
}
}
return scopes
}
func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID string) error {
userAgentID, ok := UserAgentIDFromCtx(ctx)
if !ok {

2
internal/api/oidc/client.go
View File

@@ -79,6 +79,8 @@ func (o *OPStorage) GetUserinfoFromScopes(ctx context.Context, userID string, sc
userInfo.Address.Region = user.Region
userInfo.Address.PostalCode = user.PostalCode
userInfo.Address.Country = user.Country
default:
userInfo.Authorizations = append(userInfo.Authorizations, scope)
}
}
return userInfo, nil