cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: bearer access token includes tokenid and subject (#62)

Browse source
This commit is contained in:
Fabi 2020-10-15 09:38:06 +02:00 committed by GitHub
parent 49324646d7
commit 9943f20215
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 12 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pkg/op/userinfo.go
View file

@ -27,12 +27,13 @@ func Userinfo(w http.ResponseWriter, r *http.Request, userinfoProvider UserinfoP
http.Error(w, "access token missing", http.StatusUnauthorized)
return
}
tokenID, err := userinfoProvider.Crypto().Decrypt(accessToken)
tokenIDSubject, err := userinfoProvider.Crypto().Decrypt(accessToken)
if err != nil {
http.Error(w, "access token missing", http.StatusUnauthorized)
return
}
info, err := userinfoProvider.Storage().GetUserinfoFromToken(r.Context(), tokenID, r.Header.Get("origin"))
splittedToken := strings.Split(tokenIDSubject, ":")
info, err := userinfoProvider.Storage().GetUserinfoFromToken(r.Context(), splittedToken[0], splittedToken[1], r.Header.Get("origin"))
if err != nil {
w.WriteHeader(http.StatusForbidden)
utils.MarshalJSON(w, err)