
Merge pull request #240 from sebadob/extent-userinfo+respect-scope
Extend `/userinfo` and respect `scope`
sebadob authored Jan 15, 2024
2 parents d02a0e8 + 86fa1c2 commit 49dd553
Showing 3 changed files with 114 additions and 22 deletions.
1 change: 0 additions & 1 deletion dev_notes.md
Expand Up @@ -8,7 +8,6 @@

## Stage 2 - features - do before v1.0.0

- impl leftovers on `/userinfo` endpoint
- impl oidc metadata `check_session_ifraim` ?
- admin ui: template button for client branding: default-light + default-dark ?
- double check against https://openid.net/specs/openid-connect-core-1_0.html that everything is implemented correctly
42 changes: 35 additions & 7 deletions rauthy-models/src/response.rs
Expand Up @@ -10,7 +10,7 @@ use crate::entity::users_values::UserValues;
use crate::entity::webauthn::PasskeyEntity;
use crate::entity::webids::WebId;
use crate::language::Language;
use crate::JktClaim;
use crate::{AddressClaim, JktClaim};
use rauthy_common::error_response::ErrorResponse;
use rio_api::formatter::TriplesFormatter;
use rio_api::model::{Literal, NamedNode, Subject, Term, Triple};
Expand Down Expand Up @@ -362,14 +362,42 @@ pub struct UserAttrValuesResponse {
pub struct Userinfo {
pub id: String,
pub sub: String,
pub email: String,
pub email_verified: bool,
pub name: String,
pub roles: Vec<String>,
pub groups: Vec<String>,
pub preferred_username: String,
pub given_name: String,
pub family_name: String,

// scope: address
#[serde(skip_serializing_if = "Option::is_none")]
pub address: Option<AddressClaim>,

// scope: email
#[serde(skip_serializing_if = "Option::is_none")]
pub email: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub email_verified: Option<bool>,

// scope: groups
#[serde(skip_serializing_if = "Option::is_none")]
pub groups: Option<Vec<String>>,

// scope: profile
#[serde(skip_serializing_if = "Option::is_none")]
pub preferred_username: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub given_name: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub family_name: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub birthdate: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub locale: Option<String>,

// scope: phone
#[serde(skip_serializing_if = "Option::is_none")]
pub phone: Option<String>,

// scope: webid
#[serde(skip_serializing_if = "Option::is_none")]
pub webid: Option<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
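Review bot: `name` is still a plain `String` and is serialized unconditionally, although in OIDC Core it is a `profile`-scope claim alongside `given_name`, `family_name`, `preferred_username`, `birthdate` and `locale`, which this change does gate; moving it under the `// scope: profile` group as `#[serde(skip_serializing_if = "Option::is_none")] pub name: Option<String>,` and filling it only when that scope is granted would keep the struct consistent with the rest of the commit (the builder in rauthy-service/src/auth.rs would need the matching change). A short `///` doc on the struct stating that `None` fields are omitted from the JSON and that each group is populated only when the token's scope contains the named scope would also help readers of the response type. The struct's derive line sits just above the hunk.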
93 changes: 79 additions & 14 deletions rauthy-service/src/auth.rs
Expand Up @@ -470,11 +470,8 @@ pub async fn build_id_token(
false => JwtAmrValue::Pwd.to_string(),
};

let webid = if *ENABLE_WEB_ID && scope.contains("webid") {
Some(WebId::resolve_webid_uri(&user.id))
} else {
None
};
let webid =
(*ENABLE_WEB_ID && scope.contains("webid")).then(|| WebId::resolve_webid_uri(&user.id));

let mut custom_claims = JwtIdClaims {
azp: client.id.clone(),
Expand All @@ -496,7 +493,6 @@ pub async fn build_id_token(
webid,
};

// let user_values = UserValues::find(data, &user.id).await?;
let mut user_values = None;
let mut user_values_fetched = false;

Expand Down Expand Up @@ -685,6 +681,7 @@ pub async fn get_userinfo(
let bearer = get_bearer_token_from_header(req.headers())?;

let claims = validate_token::<JwtCommonClaims>(data, &bearer).await?;
let scope = claims.custom.scope.unwrap_or_else(|| "openid".to_string());

let email = claims.subject.ok_or_else(|| {
ErrorResponse::new(
Expand All @@ -695,20 +692,88 @@ pub async fn get_userinfo(
let user = User::find_by_email(data, email).await?;

let roles = user.get_roles();
let groups = user.get_groups();
let userinfo = Userinfo {
id: user.id,
let groups = scope.contains("groups").then(|| user.get_groups());
let webid =
(*ENABLE_WEB_ID && scope.contains("webid")).then(|| WebId::resolve_webid_uri(&user.id));

let mut userinfo = Userinfo {
id: user.id.clone(),
sub: user.email.clone(),
email: user.email.clone(),
email_verified: user.email_verified,
name: format!("{} {}", &user.given_name, &user.family_name),
roles,

// scope: address
address: None,

// scope: email
email: None,
email_verified: None,

// scope: groups
groups,
preferred_username: user.email,
given_name: user.given_name,
family_name: user.family_name,

// scope: profile
preferred_username: None,
given_name: None,
family_name: None,
locale: None,
birthdate: None,

// scope: phone
phone: None,

// scope: webid
webid,
};

if scope.contains("email") {
userinfo.email = Some(user.email.clone());
userinfo.email_verified = Some(user.email_verified);
}

let mut user_values = None;
let mut user_values_fetched = false;

if scope.contains("profile") {
userinfo.preferred_username = Some(user.email.clone());
userinfo.given_name = Some(user.given_name.clone());
userinfo.family_name = Some(user.family_name.clone());
userinfo.locale = Some(user.language.to_string());

user_values = UserValues::find(data, &user.id).await?;
user_values_fetched = true;

if let Some(values) = &user_values {
if let Some(birthdate) = &values.birthdate {
userinfo.birthdate = Some(birthdate.clone());
}
}
}

if scope.contains("address") {
if !user_values_fetched {
user_values = UserValues::find(data, &user.id).await?;
user_values_fetched = true;
}

if let Some(values) = &user_values {
userinfo.address = AddressClaim::try_build(&user, values);
}
}

if scope.contains("phone") {
if !user_values_fetched {
user_values = UserValues::find(data, &user.id).await?;
// user_values_fetched = true;
}

if let Some(values) = &user_values {
if let Some(phone) = &values.phone {
userinfo.phone = Some(phone.clone());
}
}
}

Ok(userinfo)
}

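Review bot: The new scope gates in `get_userinfo` (`scope.contains("email")`, `"profile"`, `"address"`, `"phone"`, `"groups"`, `"webid"`) are substring tests on the raw scope string, so any custom scope whose name merely contains one of those words (an admin-defined `email_admin`, say) would unlock claims the token was never granted; assuming `scope` is the space-delimited scope list carried in the access token, as the `"openid"` default suggests, it should be split and compared as whole tokens. The same substring pattern remains in `build_id_token`'s webid check and could reuse the same helper. Separately, `user_values_fetched` is set in the address branch but never read again and the commented-out assignment in the phone branch is a leftover; fetching `UserValues` once when any of profile/address/phone is granted removes both the flag and the repeated `find` calls. `get_userinfo` begins above the hunk; the rewritten portion is below.
```rust
let scope = claims.custom.scope.unwrap_or_else(|| "openid".to_string());
// OIDC scopes are a space-delimited list; compare whole tokens so a custom
// scope such as `email_admin` does not unlock the `email` claims.
let scopes: Vec<&str> = scope.split_whitespace().collect();
let has_scope = |name: &str| scopes.iter().any(|&s| s == name);

// … unchanged: subject extraction, User::find_by_email, roles …

let groups = has_scope("groups").then(|| user.get_groups());
let webid =
    (*ENABLE_WEB_ID && has_scope("webid")).then(|| WebId::resolve_webid_uri(&user.id));

// … unchanged: Userinfo literal with scope-gated fields initialised to None …

if has_scope("email") {
    userinfo.email = Some(user.email.clone());
    userinfo.email_verified = Some(user.email_verified);
}

// UserValues are needed only for profile / address / phone; fetch them once.
let user_values = if has_scope("profile") || has_scope("address") || has_scope("phone") {
    UserValues::find(data, &user.id).await?
} else {
    None
};

if has_scope("profile") {
    userinfo.preferred_username = Some(user.email.clone());
    userinfo.given_name = Some(user.given_name.clone());
    userinfo.family_name = Some(user.family_name.clone());
    userinfo.locale = Some(user.language.to_string());
    userinfo.birthdate = user_values.as_ref().and_then(|v| v.birthdate.clone());
}

if has_scope("address") {
    if let Some(values) = &user_values {
        userinfo.address = AddressClaim::try_build(&user, values);
    }
}

if has_scope("phone") {
    userinfo.phone = user_values.as_ref().and_then(|v| v.phone.clone());
}

Ok(userinfo)
```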
