add CanSetUserinfoFromRequest interface
muir committed Mar 10, 2023
1 parent eea2ed1 commit e56925a
Showing 3 changed files with 19 additions and 0 deletions.
6 changes: 6 additions & 0 deletions example/server/storage/storage.go
Expand Up @@ -360,6 +360,12 @@ func (s *Storage) SetUserinfoFromScopes(ctx context.Context, userinfo oidc.UserI
return s.setUserinfo(ctx, userinfo, userID, clientID, scopes)
}

// SetUserinfoFromRequest is an optional addon to op.Storage for setting user information
// using the request.
func (s *Storage) SetUserinfoFromRequest(ctx context.Context, userinfo oidc.UserInfoSetter, request op.IDTokenRequest, scopes []string) error {
return nil
}

// SetUserinfoFromToken implements the op.Storage interface
// it will be called for the userinfo endpoint, so we read the token and pass the information from that to the private function
func (s *Storage) SetUserinfoFromToken(ctx context.Context, userinfo oidc.UserInfoSetter, tokenID, subject, origin string) error {
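Review bot: The example `SetUserinfoFromRequest` at lines 22-24 returns nil without touching `userinfo`, while its doc comment describes it as setting user information from the request, so a reader who copies the example storage gets a hook that silently does nothing. State that in the comment, e.g. `// In this example no claims are derived from the request; the method only shows where request-based userinfo would be set.`, or populate at least one claim so the hook is actually exercised. A compile-time satisfaction check, `var _ op.CanSetUserinfoFromRequest = (*Storage)(nil)`, would also catch signature drift between the example and the interface, because an optional interface detected by type assertion fails silently at runtime rather than at build time.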
7 changes: 7 additions & 0 deletions pkg/op/storage.go
Expand Up @@ -82,6 +82,13 @@ type OPStorage interface {
ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error)
}

// CanSetUserinfoFromRequest is an optional additional interface that may be implemented by
// implementors of Storage. It allows additional data to be set in id_tokens based on the
// request.
type CanSetUserinfoFromRequest interface {
SetUserinfoFromRequest(ctx context.Context, userinfo oidc.UserInfoSetter, request IDTokenRequest, scopes []string) error
}

// Storage is a required parameter for NewOpenIDProvider(). In addition to the
// embedded interfaces below, if the passed Storage implements ClientCredentialsStorage
// then the grant type "client_credentials" will be supported. In that case, the access
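Review bot: The doc comment on CanSetUserinfoFromRequest at lines 36-38 says neither when the hook runs nor what a returned error means; from the token.go hunk in this commit the call is made inside CreateIDToken and a non-nil error aborts issuance of the ID token. Add that to the comment, e.g. `// SetUserinfoFromRequest is called from CreateIDToken after the userinfo has already been populated (presumably by SetUserinfoFromScopes; that call is outside the visible hunk). Returning an error aborts creation of the ID token.` Because the method receives the already-populated `userinfo`, an implementation can overwrite claims set earlier, which is worth stating explicitly so implementors treat the hook as additive rather than authoritative.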
6 changes: 6 additions & 0 deletions pkg/op/token.go
Expand Up @@ -145,6 +145,12 @@ func CreateIDToken(ctx context.Context, issuer string, request IDTokenRequest, v
if err != nil {
return "", err
}
if fromRequest, ok := storage.(CanSetUserinfoFromRequest); ok {
err := fromRequest.SetUserinfoFromRequest(ctx, userInfo, request, scopes)
if err != nil {
return "", err
}
}
claims.SetUserinfo(userInfo)
}
if code != "" {
