fix: add custom claims to both id and access token

feat: add email custom claim
feat: add env-property for default issuer
2022-04-26 11:49:19 +02:00 · 2022-04-26 11:08:19 +02:00 · 2022-04-26 09:55:56 +02:00
1 changed files with 18 additions and 11 deletions
@@ -11,10 +11,11 @@ const bodyParser = require('body-parser')
 const favicon = require('serve-favicon')
 const cert = require('./cert')

-let issuer = 'localhost:3333'
+let issuer = process.env.ISSUER || 'localhost:3333'
 let jwksOrigin = `https://${issuer}/`
 const audience = process.env.AUDIENCE || 'https://generic-audience'
 const adminCustomClaim = process.env.ADMIN_CUSTOM_CLAIM || 'https://unbound.se/admin'
+const emailCustomClaim = process.env.EMAIL_CUSTOM_CLAIM || 'https://unbound.se/email'

 const debug = Debug('app')

@@ -27,6 +28,18 @@ const corsOpts = (req, cb) => {
  cb(null, { origin: req.headers.origin })
 }

+const addCustomClaims = (email, customClaims, token) => {
+  const emailClaim = {}
+  emailClaim[emailCustomClaim] = email
+  return [...customClaims, emailClaim].reduce((acc, claim) => {
+    return {
+      ...acc,
+      ...claim
+    }
+  }, token)
+
+}
+
 // Configure our small auth0-mock-server
 app.options('*', cors(corsOpts))
  .use(cors())
@@ -42,24 +55,19 @@ app.post('/oauth/token', (req, res) => {
  const session = sessions[code]

  let date = Math.floor(Date.now() / 1000)
-  let accessToken = jwt.sign(Buffer.from(JSON.stringify({
+  let accessToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
    iss: jwksOrigin,
    aud: [audience],
    sub: 'auth0|' + session.email,
    iat: date,
    exp: date + 7200,
    azp: session.clientId
-  })), privateKey, {
+  }))), privateKey, {
    algorithm: 'RS256',
    keyid: thumbprint
  })

-  const token = session.customClaims.reduce((acc, claim) => {
-    return {
-      ...acc,
-      ...claim
-    }
-  }, {
+  let idToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
    iss: jwksOrigin,
    aud: session.clientId,
    nonce: session.nonce,
@@ -69,8 +77,7 @@ app.post('/oauth/token', (req, res) => {
    azp: session.clientId,
    name: 'Example Person',
    picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
-  })
-  let idToken = jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
+  }))), privateKey, {
    algorithm: 'RS256',
    keyid: thumbprint
  })
Author	SHA1	Message	Date
argoyle	a9ea2dace4	fix: add custom claims to both id and access token	2022-04-26 11:49:19 +02:00
argoyle	aad18ad000	feat: add email custom claim	2022-04-26 11:08:19 +02:00
argoyle	b009965908	feat: add env-property for default issuer	2022-04-26 09:55:56 +02:00