Merge branch 'master' into serializing

# Conflicts: # example/internal/mock/storage.go # pkg/op/mock/storage.mock.go # pkg/op/storage.go
2020-10-15 11:19:20 +02:00 · 2020-10-15 11:19:20 +02:00 · 8be8306511
commit 8be8306511
parent 44c341d42e 9943f20215
6 changed files with 12 additions and 8 deletions
--- a/pkg/op/storage.go
+++ b/pkg/op/storage.go
@ -29,7 +29,7 @@ type OPStorage interface {
 	GetClientByClientID(context.Context, string) (Client, error)
 	AuthorizeClientIDSecret(context.Context, string, string) error
 	GetUserinfoFromScopes(context.Context, string, string, []string) (oidc.UserInfo, error)
-	GetUserinfoFromToken(context.Context, string, string) (oidc.UserInfo, error)
+	GetUserinfoFromToken(ctx context.Context, tokenID, subject, origin string) (oidc.UserInfo, error)
 	GetPrivateClaimsFromScopes(context.Context, string, string, []string) (map[string]interface{}, error)
 	GetKeyByIDAndUserID(ctx context.Context, keyID, userID string) (*jose.JSONWebKey, error)
 }
--- a/pkg/op/token.go
+++ b/pkg/op/token.go
@ -74,12 +74,12 @@ func CreateAccessToken(ctx context.Context, tokenRequest TokenRequest, accessTok
 		token, err = CreateJWT(ctx, creator.Issuer(), tokenRequest, exp, id, creator.Signer(), client, creator.Storage())
 		return
 	}
-	token, err = CreateBearerToken(id, creator.Crypto())
+	token, err = CreateBearerToken(id, authReq.GetSubject(), creator.Crypto())
 	return
 }

-func CreateBearerToken(id string, crypto Crypto) (string, error) {
-	return crypto.Encrypt(id)
+func CreateBearerToken(tokenID, subject string, crypto Crypto) (string, error) {
+	return crypto.Encrypt(tokenID + ":" + subject)
 }

 func CreateJWT(ctx context.Context, issuer string, tokenRequest TokenRequest, exp time.Time, id string, signer Signer, client Client, storage Storage) (string, error) {
--- a/pkg/op/userinfo.go
+++ b/pkg/op/userinfo.go
@ -28,7 +28,7 @@ func Userinfo(w http.ResponseWriter, r *http.Request, userinfoProvider UserinfoP
 		http.Error(w, "access token missing", http.StatusUnauthorized)
 		return
 	}
-	tokenID, err := userinfoProvider.Crypto().Decrypt(accessToken)
+	tokenIDSubject, err := userinfoProvider.Crypto().Decrypt(accessToken)
 	if err != nil {
 		accessTokenClaims, err := VerifyAccessToken(r.Context(), accessToken, userinfoProvider.AccessTokenVerifier())
 		if err != nil {
@ -37,7 +37,8 @@ func Userinfo(w http.ResponseWriter, r *http.Request, userinfoProvider UserinfoP
 		}
 		tokenID = accessTokenClaims.GetTokenID()
 	}
-	info, err := userinfoProvider.Storage().GetUserinfoFromToken(r.Context(), tokenID, r.Header.Get("origin"))
+	splittedToken := strings.Split(tokenIDSubject, ":")
+	info, err := userinfoProvider.Storage().GetUserinfoFromToken(r.Context(), splittedToken[0], splittedToken[1], r.Header.Get("origin"))
 	if err != nil {
 		w.WriteHeader(http.StatusForbidden)
 		utils.MarshalJSON(w, err)