feat: add OIDC feature support. (#373)

1. add nonce parameter. 2. add sub in userinfo endpoint. Signed-off-by: 0x2a <stevesough@gmail.com>
2025-07-03 20:50:19 +08:00 · 2021-12-15 21:42:16 +08:00
parent 370e835499
commit 98f6cc0085
7 changed files with 22 additions and 10 deletions
--- a/object/token.go
+++ b/object/token.go
@ -175,7 +175,7 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
 	return "", application
 }

-func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string) *Code {
+func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string, nonce string) *Code {
 	user := GetUser(userId)
 	if user == nil {
 		return &Code{
@ -192,7 +192,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 		}
 	}

-	accessToken, err := generateJwtToken(application, user)
+	accessToken, err := generateJwtToken(application, user, nonce)
 	if err != nil {
 		panic(err)
 	}
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@ -31,17 +31,19 @@ var tokenJwtPrivateKey string

 type Claims struct {
 	User
+	Nonce string `json:"nonce,omitempty"`
 	jwt.RegisteredClaims
 }

-func generateJwtToken(application *Application, user *User) (string, error) {
+func generateJwtToken(application *Application, user *User, nonce string) (string, error) {
 	nowTime := time.Now()
 	expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour)

 	user.Password = ""

 	claims := Claims{
-		User: *user,
+		User:  *user,
+		Nonce: nonce,
 		RegisteredClaims: jwt.RegisteredClaims{
 			Issuer:    beego.AppConfig.String("origin"),
 			Subject:   user.Id,