- removed logs

- added scope configuration - made jwks configurable
2 years ago · aa392b0b3c
parent b5cf77a718
commit aa392b0b3c
5 changed files with 5 additions and 39 deletions
--- a/client/src/components/Root.jsx
+++ b/client/src/components/Root.jsx
@ -23,6 +23,7 @@ function Root({ store, history, config }) {
      authority={config.authority}
      client_id={config.clientId}
      redirect_uri={config.redirectUri}
      scope={config.scopes}
      onSigninCallback={() => {
        window.history.replaceState({}, document.title, window.location.pathname);
      }}
--- a/server/api/controllers/access-tokens/exchange.js
+++ b/server/api/controllers/access-tokens/exchange.js
@ -10,7 +10,7 @@ const Errors = {
 };
 const jwks = jwksClient({
-  jwksUri: 'https://auth.jjakt.monster/realms/test-realm/protocol/openid-connect/certs',
+  jwksUri: sails.config.custom.oidcJwksUri,
  requestHeaders: {}, // Optional
  timeout: 30000, // Defaults to 30s
 });
@ -27,7 +27,6 @@ const getJwtVerificationOptions = () => {
 };
 const validateAndDecodeToken = async (accessToken, options) => {
  sails.log.info(accessToken);
  const keys = await jwks.getSigningKeys();
  let validToken = {};
@ -64,7 +63,6 @@ const getUserInfo = async (accessToken, options) => {
 };
 const mergeUserData = (validToken, userInfo) => {
  const oidcUser = { ...validToken, ...userInfo };
  sails.log.info(oidcUser);
  return oidcUser;
 };
 module.exports = {
--- a/server/api/controllers/appconfig/index.js
+++ b/server/api/controllers/appconfig/index.js
@ -4,6 +4,7 @@ module.exports = {
      authority: sails.config.custom.oidcIssuer,
      clientId: sails.config.custom.oidcClientId,
      redirectUri: sails.config.custom.oidcredirectUri,
      scopes: sails.config.custom.oidcScopes,
    };
    return config;
  },
--- a/server/api/helpers/utils/oidc-verify-token.js
+++ b/server/api/helpers/utils/oidc-verify-token.js
@ -1,36 +0,0 @@
 const jwt = require('jsonwebtoken');
 const jwksClient = require('jwks-rsa');
 const client = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  requestHeaders: {}, // Optional
  timeout: 30000, // Defaults to 30s
 });
 module.exports = {
  inputs: {
    token: {
      type: 'string',
      required: true,
    },
  },
  exits: {
    invalidToken: {},
  },
  async fn(inputs) {
    let payload;
    const keys = await client.getSigningKeys();
    try {
      payload = jwt.verify(inputs.token, keys);
    } catch (error) {
      throw 'invalidToken';
    }
    return {
      subject: payload.sub,
      issuedAt: new Date(payload.iat * 1000),
    };
  },
 };
--- a/server/config/custom.js
+++ b/server/config/custom.js
@ -37,4 +37,6 @@ module.exports.custom = {
  oidcRolesAttribute: process.env.OIDC_ROLES_ATTRIBUTE || 'groups',
  oidcAdminRoles: process.env.OIDC_ADMIN_ROLES.split(',') || [],
  oidcredirectUri: process.env.OIDC_REDIRECT_URI,
  oidcJwksUri: process.env.OIDC_JWKS_URI,
  oidcScopes: process.env.OIDC_SCOPES || 'openid',
 };