llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 02:35:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add logged-in IDP provider info to access token (#3776)

Browse Source
This commit is contained in:
DacongDA 2025-05-11 09:51:51 +08:00 committed by GitHub
parent 90e790f83c
commit f8f864c5b9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 24 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
controllers/auth.go
View File

@ -147,7 +147,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
c.ResponseError(c.T("auth:Challenge method should be S256")) c.ResponseError(c.T("auth:Challenge method should be S256"))
return return
} }
code, err := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage()) code, err := object.GetOAuthCode(userId, clientId, form.Provider, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
if err != nil { if err != nil {
c.ResponseError(err.Error(), nil) c.ResponseError(err.Error(), nil)
return return

9
object/token_jwt.go
View File

@ -32,6 +32,7 @@ type Claims struct {
Scope string `json:"scope,omitempty"` Scope string `json:"scope,omitempty"`
// the `azp` (Authorized Party) claim. Optional. See https://openid.net/specs/openid-connect-core-1_0.html#IDToken // the `azp` (Authorized Party) claim. Optional. See https://openid.net/specs/openid-connect-core-1_0.html#IDToken
Azp string `json:"azp,omitempty"` Azp string `json:"azp,omitempty"`
Provider string `json:"provider,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
@ -140,6 +141,7 @@ type ClaimsShort struct {
Nonce string `json:"nonce,omitempty"` Nonce string `json:"nonce,omitempty"`
Scope string `json:"scope,omitempty"` Scope string `json:"scope,omitempty"`
Azp string `json:"azp,omitempty"` Azp string `json:"azp,omitempty"`
Provider string `json:"provider,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
@ -159,6 +161,7 @@ type ClaimsWithoutThirdIdp struct {
Tag string `json:"tag"` Tag string `json:"tag"`
Scope string `json:"scope,omitempty"` Scope string `json:"scope,omitempty"`
Azp string `json:"azp,omitempty"` Azp string `json:"azp,omitempty"`
Provider string `json:"provider,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
@ -274,6 +277,7 @@ func getShortClaims(claims Claims) ClaimsShort {
Scope: claims.Scope, Scope: claims.Scope,
RegisteredClaims: claims.RegisteredClaims, RegisteredClaims: claims.RegisteredClaims,
Azp: claims.Azp, Azp: claims.Azp,
Provider: claims.Provider,
} }
return res return res
} }
@ -287,6 +291,7 @@ func getClaimsWithoutThirdIdp(claims Claims) ClaimsWithoutThirdIdp {
Scope: claims.Scope, Scope: claims.Scope,
RegisteredClaims: claims.RegisteredClaims, RegisteredClaims: claims.RegisteredClaims,
Azp: claims.Azp, Azp: claims.Azp,
Provider: claims.Provider,
} }
return res return res
} }
@ -308,6 +313,7 @@ func getClaimsCustom(claims Claims, tokenField []string) jwt.MapClaims {
res["tag"] = claims.Tag res["tag"] = claims.Tag
res["scope"] = claims.Scope res["scope"] = claims.Scope
res["azp"] = claims.Azp res["azp"] = claims.Azp
res["provider"] = claims.Provider
for _, field := range tokenField { for _, field := range tokenField {
userField := userValue.FieldByName(field) userField := userValue.FieldByName(field)
@ -342,7 +348,7 @@ func refineUser(user *User) *User {
return user return user
} }
func generateJwtToken(application *Application, user *User, nonce string, scope string, host string) (string, string, string, error) { func generateJwtToken(application *Application, user *User, provider string, nonce string, scope string, host string) (string, string, string, error) {
nowTime := time.Now() nowTime := time.Now()
expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour) expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour)
refreshExpireTime := nowTime.Add(time.Duration(application.RefreshExpireInHours) * time.Hour) refreshExpireTime := nowTime.Add(time.Duration(application.RefreshExpireInHours) * time.Hour)
@ -365,6 +371,7 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
Tag: user.Tag, Tag: user.Tag,
Scope: scope, Scope: scope,
Azp: application.ClientId, Azp: application.ClientId,
Provider: provider,
RegisteredClaims: jwt.RegisteredClaims{ RegisteredClaims: jwt.RegisteredClaims{
Issuer: originBackend, Issuer: originBackend,
Subject: user.Id, Subject: user.Id,

14
object/token_oauth.go
View File

@ -136,7 +136,7 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
return "", application, nil return "", application, nil
} }
func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string, nonce string, challenge string, host string, lang string) (*Code, error) { func GetOAuthCode(userId string, clientId string, provider string, responseType string, redirectUri string, scope string, state string, nonce string, challenge string, host string, lang string) (*Code, error) {
user, err := GetUser(userId) user, err := GetUser(userId)
if err != nil { if err != nil {
return nil, err return nil, err
@ -171,7 +171,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
if err != nil { if err != nil {
return nil, err return nil, err
} }
accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host) accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, provider, nonce, scope, host)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -379,7 +379,7 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
return nil, err return nil, err
} }
newAccessToken, newRefreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host) newAccessToken, newRefreshToken, tokenName, err := generateJwtToken(application, user, "", "", scope, host)
if err != nil { if err != nil {
return &TokenError{ return &TokenError{
Error: EndpointError, Error: EndpointError,
@ -558,7 +558,7 @@ func GetPasswordToken(application *Application, username string, password string
return nil, nil, err return nil, nil, err
} }
accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host) accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", scope, host)
if err != nil { if err != nil {
return nil, &TokenError{ return nil, &TokenError{
Error: EndpointError, Error: EndpointError,
@ -604,7 +604,7 @@ func GetClientCredentialsToken(application *Application, clientSecret string, sc
Type: "application", Type: "application",
} }
accessToken, _, tokenName, err := generateJwtToken(application, nullUser, "", scope, host) accessToken, _, tokenName, err := generateJwtToken(application, nullUser, "", "", scope, host)
if err != nil { if err != nil {
return nil, &TokenError{ return nil, &TokenError{
Error: EndpointError, Error: EndpointError,
@ -668,7 +668,7 @@ func GetTokenByUser(application *Application, user *User, scope string, nonce st
return nil, err return nil, err
} }
accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host) accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", nonce, scope, host)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -775,7 +775,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
return nil, nil, err return nil, nil, err
} }
accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", host) accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", "", host)
if err != nil { if err != nil {
return nil, &TokenError{ return nil, &TokenError{
Error: EndpointError, Error: EndpointError,

2
object/token_standard_jwt.go
View File

@ -33,6 +33,7 @@ type ClaimsStandard struct {
Scope string `json:"scope,omitempty"` Scope string `json:"scope,omitempty"`
Address OIDCAddress `json:"address,omitempty"` Address OIDCAddress `json:"address,omitempty"`
Azp string `json:"azp,omitempty"` Azp string `json:"azp,omitempty"`
Provider string `json:"provider,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
@ -54,6 +55,7 @@ func getStandardClaims(claims Claims) ClaimsStandard {
Scope: claims.Scope, Scope: claims.Scope,
RegisteredClaims: claims.RegisteredClaims, RegisteredClaims: claims.RegisteredClaims,
Azp: claims.Azp, Azp: claims.Azp,
Provider: claims.Provider,
} }
res.Phone = "" res.Phone = ""

2
routers/static_filter.go
View File

@ -89,7 +89,7 @@ func fastAutoSignin(ctx *context.Context) (string, error) {
return "", nil return "", nil
} }
code, err := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, ctx.Request.Host, getAcceptLanguage(ctx)) code, err := object.GetOAuthCode(userId, clientId, "", responseType, redirectUri, scope, state, nonce, codeChallenge, ctx.Request.Host, getAcceptLanguage(ctx))
if err != nil { if err != nil {
return "", err return "", err
} else if code.Message != "" { } else if code.Message != "" {

1
web/src/ApplicationEditPage.js
View File

@ -454,6 +454,7 @@ class ApplicationEditPage extends React.Component {
</Col> </Col>
<Col span={22} > <Col span={22} >
<Select virtual={false} disabled={this.state.application.tokenFormat !== "JWT-Custom"} mode="tags" showSearch style={{width: "100%"}} value={this.state.application.tokenFields} onChange={(value => {this.updateApplicationField("tokenFields", value);})}> <Select virtual={false} disabled={this.state.application.tokenFormat !== "JWT-Custom"} mode="tags" showSearch style={{width: "100%"}} value={this.state.application.tokenFields} onChange={(value => {this.updateApplicationField("tokenFields", value);})}>
<Option key={"provider"} value={"provider"}>{"Provider"}</Option>)
{ {
Setting.getUserCommonFields().map((item, index) => <Option key={index} value={item}>{item}</Option>) Setting.getUserCommonFields().map((item, index) => <Option key={index} value={item}>{item}</Option>)
} }