Add response headers for /validate with id_token and access_token (#6)

simongottschlag · Feb 7, 2019 · 08f946c · 08f946c
1 parent 2dfcccd
commit 08f946c
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 8 deletions.
diff --git a/handlers/handlers.go b/handlers/handlers.go
@@ -190,6 +190,12 @@ func ValidateRequestHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	w.Header().Add(cfg.Cfg.Headers.User, claims.Username)
+	if cfg.Get("Headers.IDToken") != "" {
+		w.Header().Add(cfg.Get("Headers.IDToken"), claims.IDToken)
+	}
+	if cfg.Get("Headers.AccessToken") != "" {
+		w.Header().Add(cfg.Get("Headers.AccessToken"), claims.AccessToken)
+	}
 	w.Header().Add(cfg.Cfg.Headers.Success, "true")
 	log.WithFields(log.Fields{cfg.Cfg.Headers.User: w.Header().Get(cfg.Cfg.Headers.User)}).Debug("response header")
 
@@ -638,6 +644,8 @@ func getUserInfoFromADFS(r *http.Request, user *structs.User) error {
 
 	adfsUser.PrepareUserData()
 	user.Username = adfsUser.UPN
+	user.IDToken = string(tokenRes.IDToken)
+	user.AccessToken = string(tokenRes.AccessToken)
 	log.Debug(user)
 	return nil
 }

diff --git a/pkg/cfg/cfg.go b/pkg/cfg/cfg.go
@@ -42,6 +42,8 @@ type config struct {
 	}
 	Headers struct {
 		JWT         string `mapstructure:"jwt"`
+		IDToken     string `mapstructure:"idToken"`
+		AccessToken string `mapstructure:"accessToken"`
 		User        string `mapstructure:"user"`
 		QueryString string `mapstructure:"querystring"`
 		Redirect    string `mapstructure:"redirect"`
@@ -364,6 +366,12 @@ func setDefaults() {
 	if !viper.IsSet(Branding.LCName + ".headers.jwt") {
 		Cfg.Headers.JWT = "X-" + Branding.CcName + "-Token"
 	}
+	if !viper.IsSet(Branding.LCName + ".headers.idToken") {
+		Cfg.Headers.IDToken = ""
+	}
+	if !viper.IsSet(Branding.LCName + ".headers.accessToken") {
+		Cfg.Headers.AccessToken = ""
+	}
 	if !viper.IsSet(Branding.LCName + ".headers.querystring") {
 		Cfg.Headers.QueryString = "access_token"
 	}

diff --git a/pkg/jwtmanager/jwtmanager.go b/pkg/jwtmanager/jwtmanager.go
@@ -21,8 +21,10 @@ import (
 
 // VouchClaims jwt Claims specific to vouch
 type VouchClaims struct {
-	Username string   `json:"username"`
-	Sites    []string `json:"sites"` // tempting to make this a map but the array is fewer characters in the jwt
+	Username    string   `json:"username"`
+	Sites       []string `json:"sites"` // tempting to make this a map but the array is fewer characters in the jwt
+	IDToken     string   `json:"id_token"`
+	AccessToken string   `json:"access_token"`
 	jwt.StandardClaims
 }
 
@@ -53,6 +55,8 @@ func CreateUserTokenString(u structs.User) string {
 	claims := VouchClaims{
 		u.Username,
 		Sites,
+		u.IDToken,
+		u.AccessToken,
 		StandardClaims,
 	}
 

diff --git a/pkg/jwtmanager/jwtmanager_test.go b/pkg/jwtmanager/jwtmanager_test.go
@@ -26,6 +26,8 @@ func init() {
 	lc = VouchClaims{
 		u1.Username,
 		Sites,
+		u1.IDToken,
+		u1.AccessToken,
 		StandardClaims,
 	}
 }

diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go
@@ -10,12 +10,14 @@ type User struct {
 	// TODO: set Provider here so that we can pass it to db
 	// populated by db (via mapstructure) or from provider (via json)
 	// Provider   string `json:"provider",mapstructure:"provider"`
-	Username   string `json:"username",mapstructure:"username"`
-	Name       string `json:"name",mapstructure:"name"`
-	Email      string `json:"email",mapstructure:"email"`
-	CreatedOn  int64  `json:"createdon"`
-	LastUpdate int64  `json:"lastupdate"`
-	ID         int    `json:"id",mapstructure:"id"`
+	Username    string `json:"username",mapstructure:"username"`
+	Name        string `json:"name",mapstructure:"name"`
+	Email       string `json:"email",mapstructure:"email"`
+	CreatedOn   int64  `json:"createdon"`
+	LastUpdate  int64  `json:"lastupdate"`
+	ID          int    `json:"id",mapstructure:"id"`
+	IDToken     string `json:"id_token",mapstructure:"id_token"`
+	AccessToken string `json:"access_token,mapstructure:"id_token"`
 	// jwt.StandardClaims
 }