- removed logs

- added scope configuration - made jwks configurable
2 years ago · aa392b0b3c
parent b5cf77a718
commit aa392b0b3c
5 changed files with 5 additions and 39 deletions
--- a/client/src/components/Root.jsx
+++ b/client/src/components/Root.jsx
@ -23,6 +23,7 @@ function Root({ store, history, config }) {
      authority={config.authority}
      client_id={config.clientId}
      redirect_uri={config.redirectUri}
+      scope={config.scopes}
      onSigninCallback={() => {
        window.history.replaceState({}, document.title, window.location.pathname);
      }}
--- a/server/api/controllers/access-tokens/exchange.js
+++ b/server/api/controllers/access-tokens/exchange.js
@ -10,7 +10,7 @@ const Errors = {
 };

 const jwks = jwksClient({
-  jwksUri: 'https://auth.jjakt.monster/realms/test-realm/protocol/openid-connect/certs',
+  jwksUri: sails.config.custom.oidcJwksUri,
  requestHeaders: {}, // Optional
  timeout: 30000, // Defaults to 30s
 });
@ -27,7 +27,6 @@ const getJwtVerificationOptions = () => {
 };

 const validateAndDecodeToken = async (accessToken, options) => {
-  sails.log.info(accessToken);
  const keys = await jwks.getSigningKeys();
  let validToken = {};

@ -64,7 +63,6 @@ const getUserInfo = async (accessToken, options) => {
 };
 const mergeUserData = (validToken, userInfo) => {
  const oidcUser = { ...validToken, ...userInfo };
-  sails.log.info(oidcUser);
  return oidcUser;
 };
 module.exports = {
--- a/server/api/controllers/appconfig/index.js
+++ b/server/api/controllers/appconfig/index.js
@ -4,6 +4,7 @@ module.exports = {
      authority: sails.config.custom.oidcIssuer,
      clientId: sails.config.custom.oidcClientId,
      redirectUri: sails.config.custom.oidcredirectUri,
+      scopes: sails.config.custom.oidcScopes,
    };
    return config;
  },
--- a/server/api/helpers/utils/oidc-verify-token.js
+++ b/server/api/helpers/utils/oidc-verify-token.js
@ -1,36 +0,0 @@
-const jwt = require('jsonwebtoken');
-const jwksClient = require('jwks-rsa');
-
-const client = jwksClient({
-  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
-  requestHeaders: {}, // Optional
-  timeout: 30000, // Defaults to 30s
-});
-
-module.exports = {
-  inputs: {
-    token: {
-      type: 'string',
-      required: true,
-    },
-  },
-
-  exits: {
-    invalidToken: {},
-  },
-
-  async fn(inputs) {
-    let payload;
-    const keys = await client.getSigningKeys();
-    try {
-      payload = jwt.verify(inputs.token, keys);
-    } catch (error) {
-      throw 'invalidToken';
-    }
-
-    return {
-      subject: payload.sub,
-      issuedAt: new Date(payload.iat * 1000),
-    };
-  },
-};
--- a/server/config/custom.js
+++ b/server/config/custom.js
@ -37,4 +37,6 @@ module.exports.custom = {
  oidcRolesAttribute: process.env.OIDC_ROLES_ATTRIBUTE || 'groups',
  oidcAdminRoles: process.env.OIDC_ADMIN_ROLES.split(',') || [],
  oidcredirectUri: process.env.OIDC_REDIRECT_URI,
+  oidcJwksUri: process.env.OIDC_JWKS_URI,
+  oidcScopes: process.env.OIDC_SCOPES || 'openid',
 };