

feat: support JWT response on userinfo endpoint
dirkbolte committed Sep 24, 2020
1 parent 8d152c2 commit da16494
Showing 1 changed file with 46 additions and 27 deletions.
73 changes: 46 additions & 27 deletions projects/lib/src/oauth-service.ts
Expand Up @@ -694,7 +694,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
userName: string,
password: string,
headers: HttpHeaders = new HttpHeaders()
): Promise<UserInfo> {
): Promise<UserInfo | string> {
return this.fetchTokenUsingPasswordFlow(
userName,
password,
Expand All @@ -708,7 +708,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
* When using this with OAuth2 password flow, make sure that the property oidc is set to false.
* Otherwise stricter validations take place that make this operation fail.
*/
public loadUserProfile(): Promise<UserInfo> {
public loadUserProfile(): Promise<UserInfo | string> {
if (!this.hasValidAccessToken()) {
throw new Error('Can not load User Profile without access_token');
}
Expand All @@ -725,35 +725,54 @@ export class OAuthService extends AuthConfig implements OnDestroy {
);

this.http
.get<UserInfo>(this.userinfoEndpoint, { headers })
.get(this.userinfoEndpoint, {
headers,
observe: 'response',
responseType: 'text'
})
.subscribe(
info => {
this.debug('userinfo received', info);

const existingClaims = this.getIdentityClaims() || {};

if (!this.skipSubjectCheck) {
if (
this.oidc &&
(!existingClaims['sub'] || info.sub !== existingClaims['sub'])
) {
const err =
'if property oidc is true, the received user-id (sub) has to be the user-id ' +
'of the user that has logged in with oidc.\n' +
'if you are not using oidc but just oauth2 password flow set oidc to false';

reject(err);
return;
response => {
this.debug('userinfo received', JSON.stringify(response));
if (
response.headers
.get('content-type')
.startsWith('application/json')
) {
let info = response.body;
const existingClaims = this.getIdentityClaims() || {};

if (!this.skipSubjectCheck) {
if (
this.oidc &&
(!existingClaims['sub'] || info.sub !== existingClaims['sub'])
) {
const err =
'if property oidc is true, the received user-id (sub) has to be the user-id ' +
'of the user that has logged in with oidc.\n' +
'if you are not using oidc but just oauth2 password flow set oidc to false';

reject(err);
return;
}
}
}

info = Object.assign({}, existingClaims, info);
info = Object.assign({}, existingClaims, info);

this._storage.setItem('id_token_claims_obj', JSON.stringify(info));
this.eventsSubject.next(
new OAuthSuccessEvent('user_profile_loaded')
);
resolve(info);
this._storage.setItem(
'id_token_claims_obj',
JSON.stringify(info)
);
this.eventsSubject.next(
new OAuthSuccessEvent('user_profile_loaded')
);
resolve(info);
} else {
this.debug('userinfo is not JSON, treating it as JWE/JWS');
this.eventsSubject.next(
new OAuthSuccessEvent('user_profile_loaded')
);
resolve(response.body);
}
},
err => {
this.logger.error('error loading user info', err);
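Review bot: `let info = response.body;` in the JSON branch still treats the body as a parsed object, but with `responseType: 'text'` the body is a string, so `info.sub` is undefined and the oidc subject check can never succeed while `Object.assign({}, existingClaims, info)` spreads the string's characters into the stored claims; it should be `let info = JSON.parse(response.body);`, ideally inside a try that calls `reject` on a parse failure. `response.headers.get('content-type')` returns null when the header is absent, and the chained `.startsWith` then throws inside the subscribe callback so the promise never settles; read it as `const contentType = response.headers.get('content-type') ?? '';` and test that instead. The non-JSON branch resolves the raw JWS/JWE string with no signature check and without the subject comparison that the JSON branch performs, so the new `Promise<UserInfo | string>` contract needs a doc comment on loadUserProfile such as `A string result is the unverified JWT exactly as returned by the userinfo endpoint; the caller must validate its signature and confirm its sub matches the logged-in user before trusting its claims.` The subscribe error handler, and loadUserProfile itself, continue outside the hunk.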

