Compare commits
19 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6dda660e78 | |||
| 534772b315 | |||
| 3bdfe7bf0e | |||
| edba76d0ab | |||
| 5289b4fa23 | |||
| eef7168f37 | |||
| 596967ff72 | |||
| 5f2385a92f | |||
| a5653c8ea6 | |||
| 75ec899c99 | |||
| cb31381be2 | |||
| 9ee344311a | |||
| d7e3b10e80 | |||
| 7b306dd500 | |||
| 22d096a2be | |||
| 858cb96e10 | |||
| e8dd55208c | |||
| dbf5206c1b | |||
| 4229508bba |
@@ -40,6 +40,13 @@ const addCustomClaims = (email, customClaims, token) => {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const signToken = (token) => {
|
||||||
|
return jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
|
||||||
|
algorithm: 'RS256',
|
||||||
|
keyid: thumbprint
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
// Configure our small auth0-mock-server
|
// Configure our small auth0-mock-server
|
||||||
app.options('*', cors(corsOpts))
|
app.options('*', cors(corsOpts))
|
||||||
.use(cors())
|
.use(cors())
|
||||||
@@ -51,47 +58,73 @@ app.options('*', cors(corsOpts))
|
|||||||
|
|
||||||
// This route can be used to generate a valid jwt-token.
|
// This route can be used to generate a valid jwt-token.
|
||||||
app.post('/oauth/token', (req, res) => {
|
app.post('/oauth/token', (req, res) => {
|
||||||
const code = req.body.code
|
|
||||||
const session = sessions[code]
|
|
||||||
|
|
||||||
let date = Math.floor(Date.now() / 1000)
|
let date = Math.floor(Date.now() / 1000)
|
||||||
let accessToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
|
if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
|
||||||
iss: jwksOrigin,
|
let accessToken = signToken({
|
||||||
aud: [audience],
|
iss: jwksOrigin,
|
||||||
sub: 'auth0|' + session.email,
|
aud: [audience],
|
||||||
iat: date,
|
sub: 'auth0|management',
|
||||||
exp: date + 7200,
|
iat: date,
|
||||||
azp: session.clientId
|
exp: date + 7200,
|
||||||
}))), privateKey, {
|
azp: req.body.client_id
|
||||||
algorithm: 'RS256',
|
})
|
||||||
keyid: thumbprint
|
|
||||||
})
|
|
||||||
|
|
||||||
let idToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
|
let idToken = signToken({
|
||||||
iss: jwksOrigin,
|
iss: jwksOrigin,
|
||||||
aud: session.clientId,
|
aud: req.body.client_id,
|
||||||
nonce: session.nonce,
|
sub: 'auth0|management',
|
||||||
sub: 'auth0|' + session.email,
|
iat: date,
|
||||||
iat: date,
|
exp: date + 7200,
|
||||||
exp: date + 7200,
|
azp: req.body.client_id,
|
||||||
azp: session.clientId,
|
name: 'Management API'
|
||||||
name: 'Example Person',
|
})
|
||||||
picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
|
|
||||||
}))), privateKey, {
|
|
||||||
algorithm: 'RS256',
|
|
||||||
keyid: thumbprint
|
|
||||||
})
|
|
||||||
|
|
||||||
debug('Signed token for ' + session.email)
|
debug('Signed token for management API')
|
||||||
// res.json({ token });
|
|
||||||
|
|
||||||
res.json({
|
res.json({
|
||||||
access_token: accessToken,
|
access_token: accessToken,
|
||||||
id_token: idToken,
|
id_token: idToken,
|
||||||
scope: 'openid%20profile%20email',
|
scope: 'openid%20profile%20email',
|
||||||
expires_in: 7200,
|
expires_in: 7200,
|
||||||
token_type: 'Bearer'
|
token_type: 'Bearer'
|
||||||
})
|
})
|
||||||
|
} else if (req.body.code) {
|
||||||
|
const code = req.body.code
|
||||||
|
const session = sessions[code]
|
||||||
|
let accessToken = signToken(addCustomClaims(session.email, session.customClaims, {
|
||||||
|
iss: jwksOrigin,
|
||||||
|
aud: [audience],
|
||||||
|
sub: 'auth0|' + session.email,
|
||||||
|
iat: date,
|
||||||
|
exp: date + 7200,
|
||||||
|
azp: session.clientId
|
||||||
|
}))
|
||||||
|
|
||||||
|
let idToken = signToken(addCustomClaims(session.email, session.customClaims, {
|
||||||
|
iss: jwksOrigin,
|
||||||
|
aud: session.clientId,
|
||||||
|
nonce: session.nonce,
|
||||||
|
sub: 'auth0|' + session.email,
|
||||||
|
iat: date,
|
||||||
|
exp: date + 7200,
|
||||||
|
azp: session.clientId,
|
||||||
|
name: 'Example Person',
|
||||||
|
picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
|
||||||
|
}))
|
||||||
|
|
||||||
|
debug('Signed token for ' + session.email)
|
||||||
|
|
||||||
|
res.json({
|
||||||
|
access_token: accessToken,
|
||||||
|
id_token: idToken,
|
||||||
|
scope: 'openid%20profile%20email',
|
||||||
|
expires_in: 7200,
|
||||||
|
token_type: 'Bearer'
|
||||||
|
})
|
||||||
|
} else {
|
||||||
|
res.status(401)
|
||||||
|
res.send('Missing client_id or client_secret')
|
||||||
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
// This route can be used to generate a valid jwt-token.
|
// This route can be used to generate a valid jwt-token.
|
||||||
|
|||||||
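Review bot: In the new `else if (req.body.code)` branch, `sessions[code]` is dereferenced without checking that the lookup succeeded, so an unknown or stale code makes `session.email` throw and the route fails with an unhandled error instead of an OAuth error response. A guard right after the lookup would cover it: `if (!session) return res.status(400).json({ error: 'invalid_grant' })`. If `sessions` is a plain object (its declaration is outside this hunk), a key such as `__proto__` would still resolve to an inherited value, so an own-property check (`Object.prototype.hasOwnProperty.call(sessions, code)`) or a `Map` is the safer lookup. Separately, the `client_credentials` branch signs an `auth0|management` token for any request that carries a `client_id`, while the final `else` reports 'Missing client_id or client_secret' although nothing in the hunk reads `client_secret`. A comment such as `// Mock only: client_secret is never verified; do not expose this server outside test environments` would record that this is intentional.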
+4
-4
@@ -12,17 +12,17 @@
|
|||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"base64-url": "^2.3.3",
|
"base64-url": "^2.3.3",
|
||||||
"body-parser": "^1.20.0",
|
"body-parser": "^1.20.1",
|
||||||
"buffer": "^6.0.3",
|
"buffer": "^6.0.3",
|
||||||
"cookie-parser": "^1.4.6",
|
"cookie-parser": "^1.4.6",
|
||||||
"cors": "^2.8.3",
|
"cors": "^2.8.3",
|
||||||
"debug": "^4.3.4",
|
"debug": "^4.3.4",
|
||||||
"express": "^4.18.0",
|
"express": "^4.18.2",
|
||||||
"https-localhost": "^4.7.1",
|
"https-localhost": "^4.7.1",
|
||||||
"jsonwebtoken": "^8.5.1",
|
"jsonwebtoken": "^9.0.0",
|
||||||
"node-forge": "^1.3.1",
|
"node-forge": "^1.3.1",
|
||||||
"node-rsa": "^1.1.1",
|
"node-rsa": "^1.1.1",
|
||||||
"nodemon": "^2.0.15",
|
"nodemon": "^2.0.20",
|
||||||
"serve-favicon": "^2.4.2"
|
"serve-favicon": "^2.4.2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||