feat(jwt): add azp claim to ID token (#3570)

Added the `azp` (Authorized Party) claim to various JWT token structures
including Claims, ClaimsShort, ClaimsWithoutThirdIdp, and ClaimsStandard.
Updated the generateJwtToken and getClaimsCustom functions to handle the
new claim. This change aligns with the OpenID Connect specification.
Brian Yu
2025-02-10 20:44:44 +08:00
committed by GitHub
parent a0931e4597
commit b1b6ebe692
2 changed files with 10 additions and 0 deletions


@ -30,6 +30,8 @@ type Claims struct {
Nonce string `json:"nonce,omitempty"` Nonce string `json:"nonce,omitempty"`
Tag string `json:"tag"` Tag string `json:"tag"`
Scope string `json:"scope,omitempty"` Scope string `json:"scope,omitempty"`
// the `azp` (Authorized Party) claim. Optional. See https://openid.net/specs/openid-connect-core-1_0.html#IDToken
Azp string `json:"azp,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
@ -137,6 +139,7 @@ type ClaimsShort struct {
TokenType string `json:"tokenType,omitempty"` TokenType string `json:"tokenType,omitempty"`
Nonce string `json:"nonce,omitempty"` Nonce string `json:"nonce,omitempty"`
Scope string `json:"scope,omitempty"` Scope string `json:"scope,omitempty"`
Azp string `json:"azp,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
@ -155,6 +158,7 @@ type ClaimsWithoutThirdIdp struct {
Nonce string `json:"nonce,omitempty"` Nonce string `json:"nonce,omitempty"`
Tag string `json:"tag"` Tag string `json:"tag"`
Scope string `json:"scope,omitempty"` Scope string `json:"scope,omitempty"`
Azp string `json:"azp,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
@ -269,6 +273,7 @@ func getShortClaims(claims Claims) ClaimsShort {
Nonce: claims.Nonce, Nonce: claims.Nonce,
Scope: claims.Scope, Scope: claims.Scope,
RegisteredClaims: claims.RegisteredClaims, RegisteredClaims: claims.RegisteredClaims,
Azp: claims.Azp,
} }
return res return res
} }
@ -281,6 +286,7 @@ func getClaimsWithoutThirdIdp(claims Claims) ClaimsWithoutThirdIdp {
Tag: claims.Tag, Tag: claims.Tag,
Scope: claims.Scope, Scope: claims.Scope,
RegisteredClaims: claims.RegisteredClaims, RegisteredClaims: claims.RegisteredClaims,
Azp: claims.Azp,
} }
return res return res
} }
@ -301,6 +307,7 @@ func getClaimsCustom(claims Claims, tokenField []string) jwt.MapClaims {
res["nonce"] = claims.Nonce res["nonce"] = claims.Nonce
res["tag"] = claims.Tag res["tag"] = claims.Tag
res["scope"] = claims.Scope res["scope"] = claims.Scope
res["azp"] = claims.Azp
for _, field := range tokenField { for _, field := range tokenField {
userField := userValue.FieldByName(field) userField := userValue.FieldByName(field)
@ -357,6 +364,7 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
// FIXME: A workaround for custom claim by reusing `tag` in user info // FIXME: A workaround for custom claim by reusing `tag` in user info
Tag: user.Tag, Tag: user.Tag,
Scope: scope, Scope: scope,
Azp: application.ClientId,
RegisteredClaims: jwt.RegisteredClaims{ RegisteredClaims: jwt.RegisteredClaims{
Issuer: originBackend, Issuer: originBackend,
Subject: user.Id, Subject: user.Id,
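Review bot: `Azp: application.ClientId` in generateJwtToken is set on the shared Claims value, so if that same struct also backs the access and refresh tokens (the function body continues outside the hunk) the claim will be emitted there too; OIDC Core defines azp for the ID Token, while the JWT access-token profile (RFC 9068) carries the client in `client_id`, so the ID-token intent deserves a short comment on that line and consumers of access tokens should not be taught to key on azp. In getClaimsCustom, `res["azp"] = claims.Azp` is written unconditionally (as nonce and scope already are), whereas the struct fields tag the claim `omitempty`, so the custom format can emit `"azp": ""` where every other format omits the claim; `if claims.Azp != "" { res["azp"] = claims.Azp }` would make the formats agree and satisfy the spec's "if present, MUST contain the client_id". ClaimsShort and ClaimsWithoutThirdIdp gain the field without the explanatory comment Claims received; repeating `// Azp is the OAuth 2.0 client_id of the party this token was issued to (OIDC Core "azp" claim, optional).` on both keeps the three declarations in step. On the relying-party side the spec asks a client to verify that azp, when present, equals its own client_id, so the value is a check input rather than something to trust on its own.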


@ -32,6 +32,7 @@ type ClaimsStandard struct {
Nonce string `json:"nonce,omitempty"` Nonce string `json:"nonce,omitempty"`
Scope string `json:"scope,omitempty"` Scope string `json:"scope,omitempty"`
Address OIDCAddress `json:"address,omitempty"` Address OIDCAddress `json:"address,omitempty"`
Azp string `json:"azp,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
@ -52,6 +53,7 @@ func getStandardClaims(claims Claims) ClaimsStandard {
Nonce: claims.Nonce, Nonce: claims.Nonce,
Scope: claims.Scope, Scope: claims.Scope,
RegisteredClaims: claims.RegisteredClaims, RegisteredClaims: claims.RegisteredClaims,
Azp: claims.Azp,
} }
res.Phone = "" res.Phone = ""
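Review bot: The new `Azp` field in ClaimsStandard has no comment, unlike the same field in Claims in the other file, so a reader of this type alone cannot tell it is the OIDC azp claim; add `// Azp is the OAuth 2.0 client_id of the party this token was issued to (OIDC Core "azp" claim, optional).` above it. In getStandardClaims the `Azp: claims.Azp,` entry sits after `RegisteredClaims` while in the struct declaration it precedes the embedded type; matching declaration order keeps the literal easy to compare against the type. getStandardClaims continues past the hunk (`res.Phone = ""` follows), so whether azp is meant to survive whatever per-scope clearing is applied to the profile fields there is not visible here and is worth confirming.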