fix: append client id to aud

2020-11-13 13:38:34 +01:00 · 2020-11-13 13:38:34 +01:00 · d6dab32393
commit d6dab32393
parent 2370409a55
1 changed files with 14 additions and 0 deletions
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@ -201,6 +201,7 @@ func EmptyIDTokenClaims() IDTokenClaims {
 }

 func NewIDTokenClaims(issuer, subject string, audience []string, expiration, authTime time.Time, nonce string, acr string, amr []string, clientID string) IDTokenClaims {
+	audience = AppendClientIDToAudience(clientID, audience)
 	return &idTokenClaims{
 		Issuer:                              issuer,
 		Audience:                            audience,
@ -441,3 +442,16 @@ func ClaimHash(claim string, sigAlgorithm jose.SignatureAlgorithm) (string, erro

 	return utils.HashString(hash, claim, true), nil
 }
+
+func AppendClientIDToAudience(clientID string, audience []string) []string {
+	exists := false
+	for _, aud := range audience {
+		if aud == clientID {
+			exists = true
+		}
+	}
+	if !exists {
+		audience = append(audience, clientID)
+	}
+	return audience
+}