From a9ea2dace4724ea7500009479d3eaeb709bbbb28 Mon Sep 17 00:00:00 2001
From: Joakim Olsson
Date: Tue, 26 Apr 2022 11:49:19 +0200
Subject: [PATCH] fix: add custom claims to both id and access token
---
 app.js | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/app.js b/app.js
index ef7964f..e77072c 100644
--- a/app.js
+++ b/app.js
@@ -28,6 +28,18 @@ const corsOpts = (req, cb) => {
 cb(null, { origin: req.headers.origin })
 }
+const addCustomClaims = (email, customClaims, token) => {
+ const emailClaim = {}
+ emailClaim[emailCustomClaim] = email
+ return [...customClaims, emailClaim].reduce((acc, claim) => {
+ return {
+ ...acc,
+ ...claim
+ }
+ }, token)
+
+}
+
 // Configure our small auth0-mock-server
 app.options('*', cors(corsOpts))
 .use(cors())
@@ -43,26 +55,19 @@ app.post('/oauth/token', (req, res) => {
 const session = sessions[code]
 let date = Math.floor(Date.now() / 1000)
- let accessToken = jwt.sign(Buffer.from(JSON.stringify({
+ let accessToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
 iss: jwksOrigin,
 aud: [audience],
 sub: 'auth0|' + session.email,
 iat: date,
 exp: date + 7200,
 azp: session.clientId
- })), privateKey, {
+ }))), privateKey, {
 algorithm: 'RS256',
 keyid: thumbprint
 })
- const emailClaim = {}
- emailClaim[emailCustomClaim] = session.email
- const token = [...session.customClaims, emailClaim].reduce((acc, claim) => {
- return {
- ...acc,
- ...claim
- }
- }, {
+ let idToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
 iss: jwksOrigin,
 aud: session.clientId,
 nonce: session.nonce,
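Review bot: In `addCustomClaims` the reduce starts from `token` and spreads every claim over it, so a key in `customClaims` (or the `emailCustomClaim` key) silently replaces a registered claim such as `iss`, `aud`, `sub` or `exp`. With this commit that merge now feeds the access token as well as the ID token. Where `session.customClaims` is populated is not visible in this patch; if it can come from a login request, let the base claims win instead, e.g. `return Object.assign({}, ...customClaims, emailClaim, token)`. If overriding is intended for the mock, say so in a comment above the helper, such as `// Later claims win: customClaims and the email claim override keys already in token`.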
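Review bot: `session` is dereferenced (`session.email`, `session.customClaims`, `session.clientId`) with no visible check that `sessions[code]` found an entry, so an unknown or already-used code would end in an uncaught TypeError rather than an OAuth error response. Adding `if (!session) return res.status(400).json({ error: 'invalid_grant' })` directly after the lookup keeps the failure explicit. If `sessions` is a plain object and `code` is taken from the request (neither is shown in this hunk), guarding the lookup with `Object.hasOwn(sessions, code)` also avoids resolving inherited keys. The handler begins and continues outside this hunk, so an earlier guard cannot be ruled out.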
@@ -72,8 +77,7 @@ app.post('/oauth/token', (req, res) => {
 azp: session.clientId,
 name: 'Example Person',
 picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
- })
- let idToken = jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
+ }))), privateKey, {
 algorithm: 'RS256',
 keyid: thumbprint
 })