|
|
@ -185,6 +185,21 @@ func newAccessTokenResponse(grant *models.OAuth2Grant, clientSecret string) (*Ac |
|
|
|
ErrorDescription: "cannot find application", |
|
|
|
ErrorDescription: "cannot find application", |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
err = app.LoadUser() |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
if models.IsErrUserNotExist(err) { |
|
|
|
|
|
|
|
return nil, &AccessTokenError{ |
|
|
|
|
|
|
|
ErrorCode: AccessTokenErrorCodeInvalidRequest, |
|
|
|
|
|
|
|
ErrorDescription: "cannot find user", |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
log.Error("Error loading user: %v", err) |
|
|
|
|
|
|
|
return nil, &AccessTokenError{ |
|
|
|
|
|
|
|
ErrorCode: AccessTokenErrorCodeInvalidRequest, |
|
|
|
|
|
|
|
ErrorDescription: "server error", |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
idToken := &models.OIDCToken{ |
|
|
|
idToken := &models.OIDCToken{ |
|
|
|
StandardClaims: jwt.StandardClaims{ |
|
|
|
StandardClaims: jwt.StandardClaims{ |
|
|
|
ExpiresAt: expirationDate.AsTime().Unix(), |
|
|
|
ExpiresAt: expirationDate.AsTime().Unix(), |
|
|
@ -194,6 +209,20 @@ func newAccessTokenResponse(grant *models.OAuth2Grant, clientSecret string) (*Ac |
|
|
|
}, |
|
|
|
}, |
|
|
|
Nonce: grant.Nonce, |
|
|
|
Nonce: grant.Nonce, |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if grant.ScopeContains("profile") { |
|
|
|
|
|
|
|
idToken.Name = app.User.FullName |
|
|
|
|
|
|
|
idToken.PreferredUsername = app.User.Name |
|
|
|
|
|
|
|
idToken.Profile = app.User.HTMLURL() |
|
|
|
|
|
|
|
idToken.Picture = app.User.AvatarLink() |
|
|
|
|
|
|
|
idToken.Website = app.User.Website |
|
|
|
|
|
|
|
idToken.Locale = app.User.Language |
|
|
|
|
|
|
|
idToken.UpdatedAt = app.User.UpdatedUnix |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if grant.ScopeContains("email") { |
|
|
|
|
|
|
|
idToken.Email = app.User.Email |
|
|
|
|
|
|
|
idToken.EmailVerified = app.User.IsActive |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
signedIDToken, err = idToken.SignToken(clientSecret) |
|
|
|
signedIDToken, err = idToken.SignToken(clientSecret) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, &AccessTokenError{ |
|
|
|
return nil, &AccessTokenError{ |
|
|
|