From 4229508bba8221bf0c71ee84fef10891f25ceb2b Mon Sep 17 00:00:00 2001
From: Joakim Olsson
Date: Thu, 28 Apr 2022 09:38:05 +0200
Subject: [PATCH] feat: add support for client id and secret tokens

---
 app.js | 107 +++++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 70 insertions(+), 37 deletions(-)

diff --git a/app.js b/app.js
index e01ad1e..1e002c7 100644
--- a/app.js
+++ b/app.js
@@ -40,6 +40,13 @@ const addCustomClaims = (email, customClaims, token) => {
 }
+const signToken = (token) => {
+ return jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
+ algorithm: 'RS256',
+ keyid: thumbprint
+ })
+}
+
 // Configure our small auth0-mock-server
 app.options('*', cors(corsOpts))
 .use(cors())
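Review bot: `signToken` carries no doc comment, and its contract is not obvious from the name: because it hands `jwt.sign` a pre-serialized `Buffer`, jsonwebtoken treats the payload as opaque and its own claim options (`expiresIn`, `audience`, …) do not apply, so every caller must set `iat`/`exp` itself, as the call sites in the second hunk do. A JSDoc such as `/** Sign an already-complete claims object with the mock's RS256 key; the payload is serialized here, so iat/exp must be set by the caller. @param {object} token @returns {string} */` would make that explicit for the next person who adds a grant type.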
@@ -51,47 +58,73 @@ app.options('*', cors(corsOpts))
 // This route can be used to generate a valid jwt-token.
 app.post('/oauth/token', (req, res) => {
- const code = req.body.code
- const session = sessions[code]
 let date = Math.floor(Date.now() / 1000)
- let accessToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
- iss: jwksOrigin,
- aud: [audience],
- sub: 'auth0|' + session.email,
- iat: date,
- exp: date + 7200,
- azp: session.clientId
- }))), privateKey, {
- algorithm: 'RS256',
- keyid: thumbprint
- })
+ if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
+ let accessToken = signToken({
+ iss: jwksOrigin,
+ aud: [audience],
+ sub: 'auth0|management',
+ iat: date,
+ exp: date + 7200,
+ azp: req.body.client_id
+ })
- let idToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
- iss: jwksOrigin,
- aud: session.clientId,
- nonce: session.nonce,
- sub: 'auth0|' + session.email,
- iat: date,
- exp: date + 7200,
- azp: session.clientId,
- name: 'Example Person',
- picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
- }))), privateKey, {
- algorithm: 'RS256',
- keyid: thumbprint
- })
+ let idToken = signToken({
+ iss: jwksOrigin,
+ aud: req.body.client_id,
+ sub: 'auth0|management',
+ iat: date,
+ exp: date + 7200,
+ azp: req.body.client_id,
+ name: 'Management API'
+ })
- debug('Signed token for ' + session.email)
- // res.json({ token });
+ debug('Signed token for management API')
- res.json({
- access_token: accessToken,
- id_token: idToken,
- scope: 'openid%20profile%20email',
- expires_in: 7200,
- token_type: 'Bearer'
- })
+ res.json({
+ access_token: accessToken,
+ id_token: idToken,
+ scope: 'openid%20profile%20email',
+ expires_in: 7200,
+ token_type: 'Bearer'
+ })
+ } else if (req.body.code) {
+ const code = req.body.code
+ const session = sessions[code]
+ let accessToken = signToken(addCustomClaims(session.email, session.customClaims, {
+ iss: jwksOrigin,
+ aud: [audience],
+ sub: 'auth0|' + session.email,
+ iat: date,
+ exp: date + 7200,
+ azp: session.clientId
+ }))
+
+ let idToken = signToken(addCustomClaims(session.email, session.customClaims, {
+ iss: jwksOrigin,
+ aud: session.clientId,
+ nonce: session.nonce,
+ sub: 'auth0|' + session.email,
+ iat: date,
+ exp: date + 7200,
+ azp: session.clientId,
+ name: 'Example Person',
+ picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
+ }))
+
+ debug('Signed token for ' + session.email)
+
+ res.json({
+ access_token: accessToken,
+ id_token: idToken,
+ scope: 'openid%20profile%20email',
+ expires_in: 7200,
+ token_type: 'Bearer'
+ })
+ } else {
+ res.status(401)
+ res.send('Missing client_id or client_secret')
+ }
 })
 // This route can be used to generate a valid jwt-token.
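Review bot: The `client_credentials` branch signs a management token as soon as `req.body.client_id` is present; `req.body.client_secret` is never read, yet the commit title and the fallback message `'Missing client_id or client_secret'` both imply the secret is checked. Either compare the secret against a configured value before calling `signToken`, or reword the message to `'Missing client_id or code'` so the mock's actual contract is not misrepresented to whoever tests against it. In the `else if (req.body.code)` branch the `sessions[code]` lookup is still dereferenced unguarded, so an unknown code throws a TypeError on `session.email` and surfaces as a 500 instead of an OAuth error; `if (!Object.hasOwn(sessions, code)) return res.status(400).json({ error: 'invalid_grant' })` right after the lookup covers that and also keeps inherited keys such as `constructor` from being treated as a session. The final `else` answers a missing parameter with 401 and a plain-text body, whereas RFC 6749 expects 400 with `{ error: 'invalid_request' }`, which matters if a client under test parses the error shape. `let accessToken` and `let idToken` are never reassigned and could be `const`, matching `const code`/`const session` in the same branch.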