
Commit 2f46ff7

committed
chore: review comments
1 parent dcec803 commit 2f46ff7

1 file changed

Lines changed: 8 additions & 4 deletions


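--- a/internal/service/oidc_service.go
+++ b/internal/service/oidc_service.go
@@ -525,7 +525,7 @@ func (service *OIDCService) GetCodeEntry(codeHash string, clientId string) (*Aut
 return &entry, true
 }
 
-func (service *OIDCService) generateIDToken(client model.OIDCClientConfig, user UserinfoResponse, scope string, nonce string, auth_time int64) (string, error) {
+func (service *OIDCService) generateIDToken(client model.OIDCClientConfig, user UserinfoResponse, scope string, nonce string, authTime *int64) (string, error) {
 createdAt := time.Now().Unix()
 expiresAt := time.Now().Add(time.Duration(service.config.Auth.SessionExpiry) * time.Second).Unix()
 
@@ -562,7 +562,6 @@ func (service *OIDCService) generateIDToken(client model.OIDCClientConfig, user
 Sub: user.Sub,
 Iat: createdAt,
 Exp: expiresAt,
-AuthTime: auth_time,
 Name: userInfo.Name,
 Email: userInfo.Email,
 EmailVerified: userInfo.EmailVerified,
@@ -571,6 +570,10 @@ func (service *OIDCService) generateIDToken(client model.OIDCClientConfig, user
 Nonce: nonce,
 }
 
+if authTime != nil {
+claims.AuthTime = *authTime
+}
+
 payload, err := json.Marshal(claims)
 
 if err != nil {
@@ -593,7 +596,7 @@ func (service *OIDCService) generateIDToken(client model.OIDCClientConfig, user
 }
 
 func (service *OIDCService) GenerateAccessToken(ctx context.Context, client model.OIDCClientConfig, codeEntry AuthorizeCodeEntry, authTime int64) (*TokenResponse, error) {
-idToken, err := service.generateIDToken(client, codeEntry.Userinfo, codeEntry.Scope, codeEntry.Nonce, authTime)
+idToken, err := service.generateIDToken(client, codeEntry.Userinfo, codeEntry.Scope, codeEntry.Nonce, &authTime)
 
 if err != nil {
 return nil, err
@@ -672,9 +675,10 @@ func (service *OIDCService) RefreshAccessToken(ctx context.Context, refreshToken
 return nil, err
 }
 
+// TODO: store auth time in the database so we can include it in the new ID token, for now we omit it
 idToken, err := service.generateIDToken(model.OIDCClientConfig{
 ClientID: entry.ClientID,
-}, userInfo, entry.Scope, entry.Nonce, 0) // auth_time is not available during refresh, so we set it to 0
+}, userInfo, entry.Scope, entry.Nonce, nil)
 
 if err != nil {
 return nil, err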
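Review bot: The `if authTime != nil` guard in generateIDToken only results in auth_time actually being omitted from the ID token if the claims struct's AuthTime field is tagged `omitempty` (or is itself a pointer); the claims type is outside the hunk, so please confirm, because otherwise json.Marshal still emits `"auth_time":0` on the refresh path and the token is byte-for-byte what the old `0` argument produced. This matters beyond cosmetics: OIDC Core requires auth_time in the ID token when the client used max_age (or requested it as an essential claim), and on refresh it must carry the original authentication time, so an RP enforcing max_age cannot do so against a refreshed token until the value is persisted with the refresh-token entry. I would make the TODO say why it is security-relevant, e.g. `// TODO: persist auth_time with the refresh-token entry; OIDC Core requires the ORIGINAL authentication time here when the client used max_age or requested auth_time as essential`. The bodies of generateIDToken and RefreshAccessToken both extend outside these hunks.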
