add groups in claims

2024-11-27 12:36:37 +01:00 · 2024-11-27 12:36:37 +01:00 · fd65220b91
commit fd65220b91
parent 1722980514
3 changed files with 17 additions and 5 deletions
--- a/infrastructure/auth_connector/hydra_connector.go
+++ b/infrastructure/auth_connector/hydra_connector.go
@ -184,7 +184,7 @@ func (a HydraConnector) Login(username string, cookies ...*http.Cookie) (t *Toke
 	now = now.Add(time.Duration(token.ExpiresIn) * time.Second)
 	unix := now.Unix()

-	c := claims.GetClaims().AddClaimsToToken(username, pp.Data[0].(*peer.Peer).Url)
+	c := claims.GetClaims().AddClaimsToToken(username, pp.Data[0].(*peer.Peer))
 	c.Session.AccessToken["exp"] = unix

 	b, _ = json.Marshal(c)
--- a/infrastructure/claims/claims.go
+++ b/infrastructure/claims/claims.go
@ -1,10 +1,14 @@
 package claims

-import "oc-auth/conf"
+import (
+	"oc-auth/conf"
+
+	"cloud.o-forge.io/core/oc-lib/models/peer"
+)

 // Tokenizer interface
 type ClaimService interface {
-	AddClaimsToToken(userId string, host string) Claims
+	AddClaimsToToken(userId string, peer *peer.Peer) Claims
 	DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error)
 }

--- a/infrastructure/claims/hydra_claims.go
+++ b/infrastructure/claims/hydra_claims.go
@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"

+	"cloud.o-forge.io/core/oc-lib/models/peer"
 	"cloud.o-forge.io/core/oc-lib/tools"
 )

@ -125,7 +126,7 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
 }

 // add claims to token method of HydraTokenizer
-func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
+func (h HydraClaims) AddClaimsToToken(userId string, p *peer.Peer) Claims {
 	claims := Claims{}
 	perms, err := perms_connectors.KetoConnector{}.GetPermissionByUser(userId, true)
 	if err != nil {
@ -140,10 +141,17 @@ func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
 		}
 		claims.Session.AccessToken[key] = perm.Subject
 	}
-	sign, err := h.encodeSignature(host)
+	sign, err := h.encodeSignature(p.Url)
 	if err != nil {
 		return claims
 	}
+	claims.Session.IDToken["peer_id"] = p.UUID
+	// we should get group from user
+	groups, err := perms_connectors.KetoConnector{}.GetGroupByUser(userId)
+	if err != nil {
+		return claims
+	}
+	claims.Session.IDToken["groups"] = groups
 	claims.Session.IDToken["signature"] = sign
 	return claims
 }