coolaj86
/
issuer.rest.walnut.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

WIP token exchange

This commit is contained in:
AJ ONeal 2017-12-02 08:43:45 +00:00
parent 3fedb3d8ad
commit 8397b8a38c
2 changed files with 64 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
accounts.js
View File

@ -210,10 +210,56 @@ function create(app) {
console.log('[exchangeToken] OAUTH3.jwk:');
console.log(OAUTH3.jwk);
var promise = OAUTH3.jwk.verifyToken(req.oauth3.encodedToken).then(function (result) {
console.log('[exchangeToken] verifyToken result:');
console.log(result);
return { error: { code: "E_NO_IMPL", message: "not implemented [183]" } };
var promise = OAUTH3.jwk.verifyToken(req.oauth3.encodedToken).then(function (decoded) {
console.log('[exchangeToken] verified token:');
console.log(decoded);
// TODO handle opaque tokens by exchanging at issuer -- if (!token.sub && token.jti) { ... }
return req.Models.IssuerOauth3OrgCredentialsProfiles.find({
credentialId: decoded.payload.sub + '@' + decoded.payload.iss
//, sub: decoded.payload.sub
//, iss: decoded.payload.iss
}).then(function (results) {
console.log('[exchangeToken] credentials profiles:');
console.log(results);
if (!results) {
return { tokens: [] };
}
results = results.filter(function (el) {
return !el.revokedAt && !el.deletedAt;
});
if (!results.length) {
return { tokens: [] };
}
return req.Models.IssuerOauth3OrgAccounts.find({
accountId: 'IN ' + results.map(function (el) { return el.credentialId }).join(',')
}).then(function (profiles) {
if (!results) {
return { tokens: [] };
}
profiles = profiles.filter(function (el) {
return !el.revokedAt && !el.deletedAt;
});
if (!results.length) {
return { tokens: [] };
}
return req.deps.Promise.all(profiles.map(function (profile) {
var tokenInfo = { sub: profile.sub, iss: profile.iss, azp: profile.iss, aud: profile.iss };
return restful.createToken._helper(req, res, tokenInfo);
})).then(function (tokens) {
return {
error: { code: "E_NO_IMPL", message: "not implemented [172]" }
, tokens: tokens
};
});
});
});
});
app.handlePromise(req, res, promise, '[issuer@oauth3.org] exchangeToken');
@ -236,9 +282,19 @@ function create(app) {
if (req.body.grant_type === 'refresh_token') {
return restful.createToken.refreshToken(req);
}
if (req.body.grant_type === 'exchange_token') {
return restful.exchangeToken(req);
}
throw new OpErr("unknown or un-implemented grant_type '"+req.body.grant_type+"'");
}).then(function (token_info) {
return restful.createToken._helper(req, res, token_info);
});
app.handlePromise(req, res, promise, '[issuer@oauth3.org] create tokens');
};
restful.createToken._helper = function (req, res, token_info) {
return req.deps.Promise.resolve().then(function () {
token_info.iss = req.experienceId;
if (!token_info.aud) {
throw new OpErr("missing required token field 'aud'");
@ -251,16 +307,17 @@ function create(app) {
// We don't have normal grants for the issuer, so we don't need to look the
// azpSub or the grants up in the database.
token_info.azpSub = token_info.sub;
token_info.scope = '';
token_info.scope = '*';
return token_info;
}
var search = {};
['sub', 'azp', 'azpSub'].forEach(function (key) {
[ 'sub', 'azp', 'azpSub' ].forEach(function (key) {
if (token_info[key]) {
search[key] = token_info[key];
}
});
return store.IssuerOauth3OrgGrants.find(search).then(function (grants) {
if (!grants.length) {
throw new OpErr("'"+token_info.azp+"' not given any grants from '"+(token_info.sub || token_info.azpSub)+"'");
@ -317,8 +374,6 @@ function create(app) {
return result;
});
});
app.handlePromise(req, res, promise, '[issuer@oauth3.org] create tokens');
};
restful.createToken.password = function (req) {
var params = req.body;

1
rest.js
View File

@ -48,6 +48,7 @@ module.exports.create = function (bigconf, deps, app) {
app.post( '/access_token/:sub/:aud/:azp', Accounts.restful.createToken);
app.post( '/access_token', Accounts.restful.createToken);
app.use( '/exchange_token', attachSiteModels);
app.post( '/exchange_token', Accounts.restful.exchangeToken);
app.use( '/acl/profile', attachSiteModels);