fix: jwt profile request in op

2020-09-16 14:12:41 +02:00 · 2020-09-16 14:12:41 +02:00 · fd3daa2335
commit fd3daa2335
parent d97df8a9b2
8 changed files with 224 additions and 16 deletions
--- a/pkg/oidc/grants/tokenexchange/tokenexchange.go
+++ b/pkg/oidc/grants/tokenexchange/tokenexchange.go
@ -22,6 +22,10 @@ type TokenExchangeRequest struct {
 	requestedTokenType string   `schema:"requested_token_type"`
 }

+type JWTProfileRequest struct {
+	assertion string `schema:"assertion"`
+}
+
 func NewTokenExchangeRequest(subjectToken, subjectTokenType string, opts ...TokenExchangeOption) *TokenExchangeRequest {
 	t := &TokenExchangeRequest{
 		grantType:          TokenExchangeGrantType,
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@ -59,6 +59,30 @@ type IDTokenClaims struct {
 	Signature jose.SignatureAlgorithm //TODO: ???
 }

+type JWTProfileAssertion struct {
+	PrivateKeyID string
+	PrivateKey   []byte
+	Scopes       []string
+	Issuer       string
+	Subject      string
+	Audience     []string
+	Expiration   time.Time
+	IssuedAt     time.Time
+}
+
+func NewJWTProfileAssertion(userID, keyID string, audience []string, key []byte) *JWTProfileAssertion {
+	return &JWTProfileAssertion{
+		PrivateKey:   key,
+		PrivateKeyID: keyID,
+		Issuer:       userID,
+		Scopes:       []string{ScopeOpenID},
+		Subject:      userID,
+		IssuedAt:     time.Now().UTC(),
+		Expiration:   time.Now().Add(1 * time.Hour).UTC(),
+		Audience:     audience,
+	}
+}
+
 type jsonToken struct {
 	Issuer                              string      `json:"iss,omitempty"`
 	Subject                             string      `json:"sub,omitempty"`
@ -213,6 +237,34 @@ func (t *IDTokenClaims) SetSignature(alg jose.SignatureAlgorithm) {
 	t.Signature = alg
 }

+func (t *JWTProfileAssertion) MarshalJSON() ([]byte, error) {
+	j := jsonToken{
+		Issuer:     t.Issuer,
+		Subject:    t.Subject,
+		Audiences:  t.Audience,
+		Expiration: timeToJSON(t.Expiration),
+		IssuedAt:   timeToJSON(t.IssuedAt),
+		Scopes:     strings.Join(t.Scopes, " "),
+	}
+	return json.Marshal(j)
+}
+
+func (t *JWTProfileAssertion) UnmarshalJSON(b []byte) error {
+	var j jsonToken
+	if err := json.Unmarshal(b, &j); err != nil {
+		return err
+	}
+
+	t.Issuer = j.Issuer
+	t.Subject = j.Subject
+	t.Audience = audienceFromJSON(j.Audiences)
+	t.Expiration = time.Unix(j.Expiration, 0).UTC()
+	t.IssuedAt = time.Unix(j.IssuedAt, 0).UTC()
+	t.Scopes = strings.Split(j.Scopes, " ")
+
+	return nil
+}
+
 func (j *jsonToken) UnmarshalUserinfoProfile() UserinfoProfile {
 	locale, _ := language.Parse(j.Locale)
 	return UserinfoProfile{
--- a/pkg/oidc/userinfo.go
+++ b/pkg/oidc/userinfo.go
@ -105,7 +105,7 @@ func (i *Userinfo) UnmmarshalJSON(data []byte) error {
 	if err := json.Unmarshal(data, i); err != nil {
 		return err
 	}
-	return json.Unmarshal(data, i.claims)
+	return json.Unmarshal(data, &i.claims)
 }

 type jsonUserinfo struct {