Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| cc1b28f81f | |||
| 99a55a45e3 | |||
| 7b6ff1fa0e |
+1
-1
@@ -1,4 +1,4 @@
|
|||||||
FROM node:17
|
FROM node:18
|
||||||
ENV AUDIENCE "https://shiny.unbound.se"
|
ENV AUDIENCE "https://shiny.unbound.se"
|
||||||
ENV ORIGIN_HOST "auth0mock"
|
ENV ORIGIN_HOST "auth0mock"
|
||||||
ENV ORIGIN "https://auth0mock:3333"
|
ENV ORIGIN "https://auth0mock:3333"
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ const cert = require('./cert')
|
|||||||
let issuer = 'localhost:3333'
|
let issuer = 'localhost:3333'
|
||||||
let jwksOrigin = `https://${issuer}/`
|
let jwksOrigin = `https://${issuer}/`
|
||||||
const audience = process.env.AUDIENCE || 'https://generic-audience'
|
const audience = process.env.AUDIENCE || 'https://generic-audience'
|
||||||
const adminRole = process.env.ADMIN_ROLE || 'admin'
|
const adminCustomClaim = process.env.ADMIN_CUSTOM_CLAIM || 'https://unbound.se/admin'
|
||||||
|
|
||||||
const debug = Debug('app')
|
const debug = Debug('app')
|
||||||
|
|
||||||
@@ -54,7 +54,12 @@ app.post('/oauth/token', (req, res) => {
|
|||||||
keyid: thumbprint
|
keyid: thumbprint
|
||||||
})
|
})
|
||||||
|
|
||||||
let idToken = jwt.sign(Buffer.from(JSON.stringify({
|
const token = session.customClaims.reduce((acc, claim) => {
|
||||||
|
return {
|
||||||
|
...acc,
|
||||||
|
...claim
|
||||||
|
}
|
||||||
|
}, {
|
||||||
iss: jwksOrigin,
|
iss: jwksOrigin,
|
||||||
aud: session.clientId,
|
aud: session.clientId,
|
||||||
nonce: session.nonce,
|
nonce: session.nonce,
|
||||||
@@ -63,9 +68,9 @@ app.post('/oauth/token', (req, res) => {
|
|||||||
exp: date + 7200,
|
exp: date + 7200,
|
||||||
azp: session.clientId,
|
azp: session.clientId,
|
||||||
name: 'Example Person',
|
name: 'Example Person',
|
||||||
picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg',
|
picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
|
||||||
'https://unbound.se/roles': session.roles
|
})
|
||||||
})), privateKey, {
|
let idToken = jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
|
||||||
algorithm: 'RS256',
|
algorithm: 'RS256',
|
||||||
keyid: thumbprint
|
keyid: thumbprint
|
||||||
})
|
})
|
||||||
@@ -104,10 +109,8 @@ app.post('/code', (req, res) => {
|
|||||||
const code = req.body.codeChallenge
|
const code = req.body.codeChallenge
|
||||||
challenges[req.body.codeChallenge] = code
|
challenges[req.body.codeChallenge] = code
|
||||||
const state = req.body.state
|
const state = req.body.state
|
||||||
let roles = []
|
const claim = {}
|
||||||
if (req.body.admin === 'true') {
|
claim[adminCustomClaim] = req.body.admin === 'true'
|
||||||
roles = [adminRole]
|
|
||||||
}
|
|
||||||
sessions[code] = {
|
sessions[code] = {
|
||||||
email: req.body.email,
|
email: req.body.email,
|
||||||
password: req.body.password,
|
password: req.body.password,
|
||||||
@@ -115,7 +118,7 @@ app.post('/code', (req, res) => {
|
|||||||
nonce: req.body.nonce,
|
nonce: req.body.nonce,
|
||||||
clientId: req.body.clientId,
|
clientId: req.body.clientId,
|
||||||
codeChallenge: req.body.codeChallenge,
|
codeChallenge: req.body.codeChallenge,
|
||||||
roles: roles
|
customClaims: [claim]
|
||||||
}
|
}
|
||||||
res.redirect(`${req.body.redirect}?domain=${issuer}&code=${code}&state=${encodeURIComponent(state)}`)
|
res.redirect(`${req.body.redirect}?domain=${issuer}&code=${code}&state=${encodeURIComponent(state)}`)
|
||||||
})
|
})
|
||||||
|
|||||||
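Review bot: The merge in the `/oauth/token` hunk spreads each entry of `session.customClaims` over the accumulator, so a custom claim whose key is `iss`, `aud`, `nonce`, `exp` or `azp` replaces that registered claim in the signed ID token. The only key today is `adminCustomClaim`, which comes from `process.env.ADMIN_CUSTOM_CLAIM`, so a misconfigured value would silently change the issuer or audience of every token this mock hands out. Letting the base claims win is a one-line change, `return { ...claim, ...acc }`, or the key can be checked against the registered claim names once at startup. The handler body starts and ends outside the hunks shown, so whether the access token signed just above should carry the same claim cannot be judged from here.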