From aa392b0b3c67f6f3629eb69eec79835474633dcc Mon Sep 17 00:00:00 2001
From: Jeffrey
Date: Thu, 24 Aug 2023 21:18:35 -0500
Subject: [PATCH] - removed logs - added scope configuration - made jwks configurable
---
 client/src/components/Root.jsx | 1 +
 .../api/controllers/access-tokens/exchange.js | 4 +-
 server/api/controllers/appconfig/index.js | 1 +
 server/api/helpers/utils/oidc-verify-token.js | 36 -------------------
 server/config/custom.js | 2 ++
 5 files changed, 5 insertions(+), 39 deletions(-)
 delete mode 100644 server/api/helpers/utils/oidc-verify-token.js
diff --git a/client/src/components/Root.jsx b/client/src/components/Root.jsx
index f5aba92..d59b47d 100755
--- a/client/src/components/Root.jsx
+++ b/client/src/components/Root.jsx
@@ -23,6 +23,7 @@ function Root({ store, history, config }) {
 authority={config.authority}
 client_id={config.clientId}
 redirect_uri={config.redirectUri}
+ scope={config.scopes}
 onSigninCallback={() => {
 window.history.replaceState({}, document.title, window.location.pathname);
 }}
diff --git a/server/api/controllers/access-tokens/exchange.js b/server/api/controllers/access-tokens/exchange.js
index e805460..00d256b 100644
--- a/server/api/controllers/access-tokens/exchange.js
+++ b/server/api/controllers/access-tokens/exchange.js
@@ -10,7 +10,7 @@ const Errors = {
 };
 
 const jwks = jwksClient({
- jwksUri: 'https://auth.jjakt.monster/realms/test-realm/protocol/openid-connect/certs',
+ jwksUri: sails.config.custom.oidcJwksUri,
 requestHeaders: {}, // Optional
 timeout: 30000, // Defaults to 30s
 });
@@ -27,7 +27,6 @@ const getJwtVerificationOptions = () => {
 };
 
 const validateAndDecodeToken = async (accessToken, options) => {
- sails.log.info(accessToken);
 const keys = await jwks.getSigningKeys();
 
 let validToken = {};
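Review bot: The new `scope` prop reads `config.scopes`, a plural name for what the OIDC client consumes as a single space-separated string, and nothing on the page shows the server normalizing the value before it is served to the browser. A reader of this line, or of the matching `scopes:` line in the appconfig hunk, could reasonably feed it an array or a comma-separated list from the environment, which would silently produce a malformed authorization request. Consider naming the served key `scope` to match the prop, or at least documenting the format on the line above it: `// scope: space-separated OIDC scopes as served by the appconfig controller, e.g. "openid profile email"`. The Root component's body continues outside the hunk.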
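Review bot: `jwksUri: sails.config.custom.oidcJwksUri` is evaluated when the module loads, so an unset `OIDC_JWKS_URI` (custom.js gives it no default in the same commit) produces a client with `jwksUri: undefined`, and the failure only surfaces on the first token exchange, where it is hard to distinguish from a bad token. A guard before the constructor makes the misconfiguration fail at startup instead: `if (!sails.config.custom.oidcJwksUri) throw new Error('oidcJwksUri is not configured');`. Since this endpoint presumably decides which keys an access token is checked against further down in `validateAndDecodeToken`, it is also worth ensuring the value is an absolute https URL rather than an arbitrary string from the environment. If the installed jwks-rsa version does not cache by default, passing `cache: true, rateLimit: true` here keeps each exchange from refetching the key set and bounds how hard a burst of exchanges can hit the IdP.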
@@ -64,7 +63,6 @@ const getUserInfo = async (accessToken, options) => {
 };
 const mergeUserData = (validToken, userInfo) => {
 const oidcUser = { ...validToken, ...userInfo };
- sails.log.info(oidcUser);
 return oidcUser;
 };
 module.exports = {
diff --git a/server/api/controllers/appconfig/index.js b/server/api/controllers/appconfig/index.js
index 68cb9e8..eef7be6 100644
--- a/server/api/controllers/appconfig/index.js
+++ b/server/api/controllers/appconfig/index.js
@@ -4,6 +4,7 @@ module.exports = {
 authority: sails.config.custom.oidcIssuer,
 clientId: sails.config.custom.oidcClientId,
 redirectUri: sails.config.custom.oidcredirectUri,
+ scopes: sails.config.custom.oidcScopes,
 };
 return config;
 },
diff --git a/server/api/helpers/utils/oidc-verify-token.js b/server/api/helpers/utils/oidc-verify-token.js
deleted file mode 100644
index 6d1c680..0000000
--- a/server/api/helpers/utils/oidc-verify-token.js
+++ /dev/null
@@ -1,36 +0,0 @@
-const jwt = require('jsonwebtoken');
-const jwksClient = require('jwks-rsa');
-
-const client = jwksClient({
- jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
- requestHeaders: {}, // Optional
- timeout: 30000, // Defaults to 30s
-});
-
-module.exports = {
- inputs: {
- token: {
- type: 'string',
- required: true,
- },
- },
-
- exits: {
- invalidToken: {},
- },
-
- async fn(inputs) {
- let payload;
- const keys = await client.getSigningKeys();
- try {
- payload = jwt.verify(inputs.token, keys);
- } catch (error) {
- throw 'invalidToken';
- }
-
- return {
- subject: payload.sub,
- issuedAt: new Date(payload.iat * 1000),
- };
- },
-};
diff --git a/server/config/custom.js b/server/config/custom.js
index 3dff6fe..1e592cc 100644
--- a/server/config/custom.js
+++ b/server/config/custom.js
@@ -37,4 +37,6 @@ module.exports.custom = {
 oidcRolesAttribute: process.env.OIDC_ROLES_ATTRIBUTE || 'groups',
 oidcAdminRoles: process.env.OIDC_ADMIN_ROLES.split(',') || [],
 oidcredirectUri: process.env.OIDC_REDIRECT_URI,
+ oidcJwksUri: process.env.OIDC_JWKS_URI,
+ oidcScopes: process.env.OIDC_SCOPES || 'openid',
 };
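Review bot: `oidcJwksUri: process.env.OIDC_JWKS_URI` is the setting exchange.js now builds its JWKS client from, yet it is the one new entry with no default and no comment saying it is mandatory, so a missing or mistyped value is not reported until the first token exchange fails. A one-line comment on the entry would help whoever deploys this: `// Required: JWKS endpoint of the OIDC issuer; the signing keys fetched from here are what access tokens are checked against in access-tokens/exchange.js.` Validating it at startup (for example in the bootstrap hook, as an absolute https URL) would surface a typo or a plain-http URL before any token is accepted. `oidcScopes` defaulting to `'openid'` is reasonable, but since the value is passed straight through to the client's `scope` prop, a comment noting that it must be a space-separated list would avoid a comma-separated value from the environment silently breaking sign-in.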