oc-auth OAUTH2

infrastructure/claims/claims.go

@@ -7,19 +7,23 @@ import (
 	"cloud.o-forge.io/core/oc-lib/models/peer"
 )
 
-// Tokenizer interface
+// ClaimService builds and verifies OAuth2 session claims
 type ClaimService interface {
-	AddClaimsToToken(clientID string, userId string, peer *peer.Peer) Claims
+	// BuildConsentSession builds the session payload for Hydra consent accept.
+	// Claims are injected into the Hydra JWT via the consent session, not appended to the token.
+	BuildConsentSession(clientID string, userId string, peer *peer.Peer) Claims
+
+	// DecodeClaimsInToken verifies permissions from claims extracted from a JWT
 	DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error)
 }
 
-// SessionClaims struct
+// SessionClaims contains access_token and id_token claim maps
 type SessionClaims struct {
 	AccessToken map[string]interface{} `json:"access_token"`
 	IDToken     map[string]interface{} `json:"id_token"`
 }
 
-// Claims struct
+// Claims is the top-level session structure passed to Hydra consent accept
 type Claims struct {
 	Session SessionClaims `json:"session"`
 }