Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a9ea2dace4 | |||
| aad18ad000 | |||
| b009965908 | |||
| cc1b28f81f | |||
| 99a55a45e3 | |||
| 7b6ff1fa0e |
+1
-1
@@ -1,4 +1,4 @@
|
||||
FROM node:17
|
||||
FROM node:18
|
||||
ENV AUDIENCE "https://shiny.unbound.se"
|
||||
ENV ORIGIN_HOST "auth0mock"
|
||||
ENV ORIGIN "https://auth0mock:3333"
|
||||
|
||||
@@ -11,10 +11,11 @@ const bodyParser = require('body-parser')
|
||||
const favicon = require('serve-favicon')
|
||||
const cert = require('./cert')
|
||||
|
||||
let issuer = 'localhost:3333'
|
||||
let issuer = process.env.ISSUER || 'localhost:3333'
|
||||
let jwksOrigin = `https://${issuer}/`
|
||||
const audience = process.env.AUDIENCE || 'https://generic-audience'
|
||||
const adminRole = process.env.ADMIN_ROLE || 'admin'
|
||||
const adminCustomClaim = process.env.ADMIN_CUSTOM_CLAIM || 'https://unbound.se/admin'
|
||||
const emailCustomClaim = process.env.EMAIL_CUSTOM_CLAIM || 'https://unbound.se/email'
|
||||
|
||||
const debug = Debug('app')
|
||||
|
||||
@@ -27,6 +28,18 @@ const corsOpts = (req, cb) => {
|
||||
cb(null, { origin: req.headers.origin })
|
||||
}
|
||||
|
||||
const addCustomClaims = (email, customClaims, token) => {
|
||||
const emailClaim = {}
|
||||
emailClaim[emailCustomClaim] = email
|
||||
return [...customClaims, emailClaim].reduce((acc, claim) => {
|
||||
return {
|
||||
...acc,
|
||||
...claim
|
||||
}
|
||||
}, token)
|
||||
|
||||
}
|
||||
|
||||
// Configure our small auth0-mock-server
|
||||
app.options('*', cors(corsOpts))
|
||||
.use(cors())
|
||||
@@ -42,19 +55,19 @@ app.post('/oauth/token', (req, res) => {
|
||||
const session = sessions[code]
|
||||
|
||||
let date = Math.floor(Date.now() / 1000)
|
||||
let accessToken = jwt.sign(Buffer.from(JSON.stringify({
|
||||
let accessToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
|
||||
iss: jwksOrigin,
|
||||
aud: [audience],
|
||||
sub: 'auth0|' + session.email,
|
||||
iat: date,
|
||||
exp: date + 7200,
|
||||
azp: session.clientId
|
||||
})), privateKey, {
|
||||
}))), privateKey, {
|
||||
algorithm: 'RS256',
|
||||
keyid: thumbprint
|
||||
})
|
||||
|
||||
let idToken = jwt.sign(Buffer.from(JSON.stringify({
|
||||
let idToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
|
||||
iss: jwksOrigin,
|
||||
aud: session.clientId,
|
||||
nonce: session.nonce,
|
||||
@@ -63,9 +76,8 @@ app.post('/oauth/token', (req, res) => {
|
||||
exp: date + 7200,
|
||||
azp: session.clientId,
|
||||
name: 'Example Person',
|
||||
picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg',
|
||||
'https://unbound.se/roles': session.roles
|
||||
})), privateKey, {
|
||||
picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
|
||||
}))), privateKey, {
|
||||
algorithm: 'RS256',
|
||||
keyid: thumbprint
|
||||
})
|
||||
@@ -104,10 +116,8 @@ app.post('/code', (req, res) => {
|
||||
const code = req.body.codeChallenge
|
||||
challenges[req.body.codeChallenge] = code
|
||||
const state = req.body.state
|
||||
let roles = []
|
||||
if (req.body.admin === 'true') {
|
||||
roles = [adminRole]
|
||||
}
|
||||
const claim = {}
|
||||
claim[adminCustomClaim] = req.body.admin === 'true'
|
||||
sessions[code] = {
|
||||
email: req.body.email,
|
||||
password: req.body.password,
|
||||
@@ -115,7 +125,7 @@ app.post('/code', (req, res) => {
|
||||
nonce: req.body.nonce,
|
||||
clientId: req.body.clientId,
|
||||
codeChallenge: req.body.codeChallenge,
|
||||
roles: roles
|
||||
customClaims: [claim]
|
||||
}
|
||||
res.redirect(`${req.body.redirect}?domain=${issuer}&code=${code}&state=${encodeURIComponent(state)}`)
|
||||
})
|
||||
|
||||
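Review bot: In `addCustomClaims` (hunk `@@ -27,6 +28,18 @@`) the base token is the seed of the reduce and every claim object is spread over it, so a custom claim whose key collides with a registered claim (`iss`, `aud`, `sub`, `exp`, `azp`) silently replaces it in both the access token and the ID token. The claim keys come from `ADMIN_CUSTOM_CLAIM` / `EMAIL_CUSTOM_CLAIM` and the email value from the stored session, so a mis-set variable such as `EMAIL_CUSTOM_CLAIM=sub` would be enough to rewrite the subject. Letting the registered claims win keeps the issued tokens well-formed: `return { ...Object.assign({}, ...customClaims, emailClaim), ...token }`. A one-line comment on the new `ISSUER` variable saying it is expected as host[:port] without a scheme would also help, since `jwksOrigin` prepends `https://` to it.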