Merge remote-tracking branch 'origin/service-accounts' into service-accounts

pkg/op/token.go

@@ -43,6 +43,20 @@ func CreateTokenResponse(ctx context.Context, authReq AuthRequest, client Client
 	}, nil
 }
 
+func CreateJWTTokenResponse(ctx context.Context, authReq AuthRequest, client Client, creator TokenCreator) (*oidc.AccessTokenResponse, error) {
+	accessToken, validity, err := CreateAccessToken(ctx, authReq, client, creator)
+	if err != nil {
+		return nil, err
+	}
+
+	exp := uint64(validity.Seconds())
+	return &oidc.AccessTokenResponse{
+		AccessToken: accessToken,
+		TokenType:   oidc.BearerToken,
+		ExpiresIn:   exp,
+	}, nil
+}
+
 func CreateAccessToken(ctx context.Context, authReq AuthRequest, client Client, creator TokenCreator) (token string, validity time.Duration, err error) {
 	id, exp, err := creator.Storage().CreateToken(ctx, authReq)
 	if err != nil {

pkg/op/tokenrequest.go

@@ -127,9 +127,16 @@ func JWTExchange(w http.ResponseWriter, r *http.Request, exchanger VerifyExchang
 		RequestError(w, r, err)
 	}
 	claims, err := exchanger.Verifier().Verify(r.Context(), "", assertion)
-	fmt.Println(claims, err)
 
-	_ = assertion
+	fmt.Println(claims, err)
+	var authReq AuthRequest
+	var client Client
+	resp, err := CreateJWTTokenResponse(r.Context(), authReq, client, exchanger)
+	if err != nil {
+		RequestError(w, r, err)
+		return
+	}
+	utils.MarshalJSON(w, resp)
 }
 
 func ParseJWTTokenRequest(r *http.Request, decoder *schema.Decoder) (string, error) {