cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: append client id to aud

Browse source
This commit is contained in:
Fabiennne 2020-11-13 13:47:53 +01:00
parent d6dab32393
commit 65491c6c35
2 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pkg/oidc/token.go
View file

@ -48,8 +48,11 @@ func EmptyAccessTokenClaims() AccessTokenClaims {
return new(accessTokenClaims) return new(accessTokenClaims)
} }
func NewAccessTokenClaims(issuer, subject string, audience []string, expiration time.Time, id string) AccessTokenClaims { func NewAccessTokenClaims(issuer, subject string, audience []string, expiration time.Time, id, clientID string) AccessTokenClaims {
now := time.Now().UTC() now := time.Now().UTC()
if len(audience) == 0 {
audience = append(audience, clientID)
}
return &accessTokenClaims{ return &accessTokenClaims{
Issuer: issuer, Issuer: issuer,
Subject: subject, Subject: subject,

2
pkg/op/token.go
View file

@ -83,7 +83,7 @@ func CreateBearerToken(tokenID, subject string, crypto Crypto) (string, error) {
} }
func CreateJWT(ctx context.Context, issuer string, tokenRequest TokenRequest, exp time.Time, id string, signer Signer, client Client, storage Storage) (string, error) { func CreateJWT(ctx context.Context, issuer string, tokenRequest TokenRequest, exp time.Time, id string, signer Signer, client Client, storage Storage) (string, error) {
claims := oidc.NewAccessTokenClaims(issuer, tokenRequest.GetSubject(), tokenRequest.GetAudience(), exp, id) claims := oidc.NewAccessTokenClaims(issuer, tokenRequest.GetSubject(), tokenRequest.GetAudience(), exp, id, client.GetID())
if client != nil { if client != nil {
restrictedScopes := client.RestrictAdditionalAccessTokenScopes()(tokenRequest.GetScopes()) restrictedScopes := client.RestrictAdditionalAccessTokenScopes()(tokenRequest.GetScopes())
privateClaims, err := storage.GetPrivateClaimsFromScopes(ctx, tokenRequest.GetSubject(), client.GetID(), removeUserinfoScopes(restrictedScopes)) privateClaims, err := storage.GetPrivateClaimsFromScopes(ctx, tokenRequest.GetSubject(), client.GetID(), removeUserinfoScopes(restrictedScopes))