feat: add userinfo endpoint (#447)

* feat: add userinfo endpoint

Signed-off-by: 0x2a <stevesough@gmail.com>

* feat: add scope support

Signed-off-by: 0x2a <stevesough@gmail.com>

* fix: modify the endpoint of discovery

Signed-off-by: 0x2a <stevesough@gmail.com>
Steve0x2a
2022-01-26 11:56:01 +08:00
committed by GitHub
parent c87c001da3
commit 051752340d
9 changed files with 103 additions and 6 deletions


@ -54,7 +54,7 @@ func init() {
Issuer: origin,
AuthorizationEndpoint: fmt.Sprintf("%s/login/oauth/authorize", origin),
TokenEndpoint: fmt.Sprintf("%s/api/login/oauth/access_token", origin),
UserinfoEndpoint: fmt.Sprintf("%s/api/get-account", origin),
UserinfoEndpoint: fmt.Sprintf("%s/api/userinfo", origin),
JwksUri: fmt.Sprintf("%s/api/certs", origin),
ResponseTypesSupported: []string{"id_token"},
ResponseModesSupported: []string{"login", "code", "link"},


@ -208,12 +208,12 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
}
}
accessToken, refreshToken, err := generateJwtToken(application, user, nonce)
accessToken, refreshToken, err := generateJwtToken(application, user, nonce, scope)
if err != nil {
panic(err)
}
if challenge == "null"{
if challenge == "null" {
challenge = ""
}
@ -376,7 +376,7 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
Scope: "",
}
}
newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "")
newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "", scope)
if err != nil {
panic(err)
}
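Review bot: In the RefreshToken hunk, the `scope` handed to `generateJwtToken(application, user, "", scope)` is the function's own request parameter, and no visible line compares it with the scope recorded for the original grant, so a client holding a refresh token could presumably obtain an access token whose `scope` claim is wider than what was consented to. RFC 6749 section 6 requires the refreshed scope to stay within the originally granted scope and to default to it when omitted. If that check is not already done earlier in RefreshToken (the body starts outside this hunk), add it before this call and return `invalid_scope` on a mismatch, with a comment such as `// scope must be a subset of the scope granted with the refresh token (RFC 6749 section 6)`. The GetOAuthCode call has the same exposure if its `scope` comes straight from the authorization request, which the truncated signature does not show; it should be validated before it is signed into the token.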


@ -27,6 +27,7 @@ type Claims struct {
*User
Nonce string `json:"nonce,omitempty"`
Tag string `json:"tag,omitempty"`
Scope string `json:"scope,omitempty"`
jwt.RegisteredClaims
}
@ -38,6 +39,7 @@ type UserShort struct {
type ClaimsShort struct {
*UserShort
Nonce string `json:"nonce,omitempty"`
Scope string `json:"scope,omitempty"`
jwt.RegisteredClaims
}
@ -53,12 +55,13 @@ func getShortClaims(claims Claims) ClaimsShort {
res := ClaimsShort{
UserShort: getShortUser(claims.User),
Nonce: claims.Nonce,
Scope: claims.Scope,
RegisteredClaims: claims.RegisteredClaims,
}
return res
}
func generateJwtToken(application *Application, user *User, nonce string) (string, string, error) {
func generateJwtToken(application *Application, user *User, nonce string, scope string) (string, string, error) {
nowTime := time.Now()
expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour)
refreshExpireTime := nowTime.Add(time.Duration(application.RefreshExpireInHours) * time.Hour)
@ -69,7 +72,8 @@ func generateJwtToken(application *Application, user *User, nonce string) (strin
User: user,
Nonce: nonce,
// FIXME: A workaround for custom claim by reusing `tag` in user info
Tag: user.Tag,
Tag: user.Tag,
Scope: scope,
RegisteredClaims: jwt.RegisteredClaims{
Issuer: beego.AppConfig.String("origin"),
Subject: user.Id,