diff --git a/handlers/handlers.go b/handlers/handlers.go
index 7ccc3a3e..dd4b7281 100644
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@@ -190,6 +190,12 @@ func ValidateRequestHandler(w http.ResponseWriter, r *http.Request) {
 }
 w.Header().Add(cfg.Cfg.Headers.User, claims.Username)
+ if cfg.Get("Headers.IDToken") != "" {
+ w.Header().Add(cfg.Get("Headers.IDToken"), claims.IDToken)
+ }
+ if cfg.Get("Headers.AccessToken") != "" {
+ w.Header().Add(cfg.Get("Headers.AccessToken"), claims.AccessToken)
+ }
 w.Header().Add(cfg.Cfg.Headers.Success, "true")
 log.WithFields(log.Fields{cfg.Cfg.Headers.User: w.Header().Get(cfg.Cfg.Headers.User)}).Debug("response header")
@@ -638,6 +644,8 @@ func getUserInfoFromADFS(r *http.Request, user *structs.User) error {
 adfsUser.PrepareUserData()
 user.Username = adfsUser.UPN
+ user.IDToken = string(tokenRes.IDToken)
+ user.AccessToken = string(tokenRes.AccessToken)
 log.Debug(user)
 return nil
 }
diff --git a/pkg/cfg/cfg.go b/pkg/cfg/cfg.go
index cbb76b80..c743366c 100644
--- a/pkg/cfg/cfg.go
+++ b/pkg/cfg/cfg.go
@@ -42,6 +42,8 @@ type config struct {
 }
 Headers struct {
 JWT string `mapstructure:"jwt"`
+ IDToken string `mapstructure:"idToken"`
+ AccessToken string `mapstructure:"accessToken"`
 User string `mapstructure:"user"`
 QueryString string `mapstructure:"querystring"`
 Redirect string `mapstructure:"redirect"`
@@ -364,6 +366,12 @@ func setDefaults() {
 if !viper.IsSet(Branding.LCName + ".headers.jwt") {
 Cfg.Headers.JWT = "X-" + Branding.CcName + "-Token"
 }
+ if !viper.IsSet(Branding.LCName + ".headers.idToken") {
+ Cfg.Headers.IDToken = ""
+ }
+ if !viper.IsSet(Branding.LCName + ".headers.accessToken") {
+ Cfg.Headers.AccessToken = ""
+ }
 if !viper.IsSet(Branding.LCName + ".headers.querystring") {
 Cfg.Headers.QueryString = "access_token"
 }
diff --git a/pkg/jwtmanager/jwtmanager.go b/pkg/jwtmanager/jwtmanager.go
index f6f7558e..925c2aae 100644
--- a/pkg/jwtmanager/jwtmanager.go
+++ b/pkg/jwtmanager/jwtmanager.go
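Review bot: The two new gates read the header names through `cfg.Get("Headers.IDToken")` while the adjacent lines use `cfg.Cfg.Headers.User`, and setDefaults in this same commit populates `Cfg.Headers.IDToken`, so the handler and the defaults code may be consulting two different sources for the same setting; use `cfg.Cfg.Headers.IDToken` / `cfg.Cfg.Headers.AccessToken` here so there is one source of truth. The headers are also added even when the claim is empty (only the ADFS path fills these fields in this commit), so guard on the value as well: `if h := cfg.Cfg.Headers.IDToken; h != "" && claims.IDToken != "" { w.Header().Add(h, claims.IDToken) }`, and likewise for the access token. Since these headers hand the IdP's bearer credentials to whatever consumes this handler's response, the opt-in-by-header-name design is the right default and deserves a one-line comment saying so. ValidateRequestHandler begins and ends outside the hunk.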
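Review bot: With the two added assignments, the existing `log.Debug(user)` on the following line now writes the IdP's ID token and access token to the log at debug level; log the identity instead, e.g. `log.WithFields(log.Fields{"username": user.Username}).Debug("adfs user populated")`, or redact the token fields before printing. The `string(tokenRes.IDToken)` conversions indicate tokenRes holds byte slices; if those are `json.RawMessage` values the converted string keeps the surrounding JSON quotes and would be forwarded verbatim as a header value later — worth confirming against the tokenRes definition. getUserInfoFromADFS begins outside the hunk.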
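Review bot: The new mapstructure keys `idToken` and `accessToken` are camelCase while every neighbouring header key (`jwt`, `user`, `querystring`, `redirect`) is all-lowercase; viper matches keys case-insensitively so the lookups still resolve, but operators copying the surrounding config style will write `idtoken` and be left unsure which spelling is canonical. Prefer `mapstructure:"idtoken"` and `mapstructure:"accesstoken"`, with the matching `.headers.idtoken` / `.headers.accesstoken` strings in setDefaults, or document the chosen spelling next to the field. The config struct begins outside the hunk.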
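Review bot: `Cfg.Headers.IDToken = ""` and `Cfg.Headers.AccessToken = ""` assign the string zero value, so unless Cfg is reused across reloads these two blocks change nothing, and the intent — no header name means the tokens are never forwarded — is only discoverable by reading ValidateRequestHandler. Either drop the blocks or keep them with a comment such as `// deliberately no default: the IdP tokens are only forwarded when an operator names a header for them`. setDefaults continues outside the hunk.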
@@ -21,8 +21,10 @@ import (
 // VouchClaims jwt Claims specific to vouch
 type VouchClaims struct {
- Username string `json:"username"`
- Sites []string `json:"sites"` // tempting to make this a map but the array is fewer characters in the jwt
+ Username string `json:"username"`
+ Sites []string `json:"sites"` // tempting to make this a map but the array is fewer characters in the jwt
+ IDToken string `json:"id_token"`
+ AccessToken string `json:"access_token"`
 jwt.StandardClaims
 }
@@ -53,6 +55,8 @@ func CreateUserTokenString(u structs.User) string {
 claims := VouchClaims{
 u.Username,
 Sites,
+ u.IDToken,
+ u.AccessToken,
 StandardClaims,
 }
diff --git a/pkg/jwtmanager/jwtmanager_test.go b/pkg/jwtmanager/jwtmanager_test.go
index 95a3d873..5c57b3ff 100644
--- a/pkg/jwtmanager/jwtmanager_test.go
+++ b/pkg/jwtmanager/jwtmanager_test.go
@@ -26,6 +26,8 @@ func init() {
 lc = VouchClaims{
 u1.Username,
 Sites,
+ u1.IDToken,
+ u1.AccessToken,
 StandardClaims,
 }
 }
diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go
index af99ff65..53b18250 100644
--- a/pkg/structs/structs.go
+++ b/pkg/structs/structs.go
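Review bot: Adding `IDToken` and `AccessToken` to VouchClaims puts the IdP's bearer tokens into the vouch JWT itself; the claims of a signed (not encrypted) JWT are only base64url-encoded, so whoever holds the cookie can read them, and two extra tokens can push the cookie toward the roughly 4 KB per-cookie limit browsers enforce. At minimum tag them `json:"id_token,omitempty"` and `json:"access_token,omitempty"` so deployments that never populate these fields do not grow their cookies, and add a comment on the struct that the fields carry upstream credentials and are only filled by providers that return them. If the wider design allows it, keeping the tokens server-side keyed by session rather than in the cookie would avoid exposing them to the client at all. The struct's surrounding context lines are partly outside this chunk.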
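Review bot: The positional literal in CreateUserTokenString has to be edited every time VouchClaims gains a field, which is exactly why the `init()` literal in jwtmanager_test.go had to change in the same commit; keyed fields make both literals independent of field order and make it obvious which token lands in which claim. Rewrite the literal with field names as below and do the same for the test's `lc = VouchClaims{...}`. CreateUserTokenString begins outside the hunk.
```go
claims := VouchClaims{
	Username:       u.Username,
	Sites:          Sites,
	IDToken:        u.IDToken,
	AccessToken:    u.AccessToken,
	StandardClaims: StandardClaims,
}
```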
@@ -10,12 +10,14 @@ type User struct {
 // TODO: set Provider here so that we can pass it to db
 // populated by db (via mapstructure) or from provider (via json)
 // Provider string `json:"provider",mapstructure:"provider"`
- Username string `json:"username",mapstructure:"username"`
- Name string `json:"name",mapstructure:"name"`
- Email string `json:"email",mapstructure:"email"`
- CreatedOn int64 `json:"createdon"`
- LastUpdate int64 `json:"lastupdate"`
- ID int `json:"id",mapstructure:"id"`
+ Username string `json:"username",mapstructure:"username"`
+ Name string `json:"name",mapstructure:"name"`
+ Email string `json:"email",mapstructure:"email"`
+ CreatedOn int64 `json:"createdon"`
+ LastUpdate int64 `json:"lastupdate"`
+ ID int `json:"id",mapstructure:"id"`
+ IDToken string `json:"id_token",mapstructure:"id_token"`
+ AccessToken string `json:"access_token,mapstructure:"id_token"`
 // jwt.StandardClaims
 }
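Review bot: The new `AccessToken` tag is malformed — `json:"access_token,mapstructure:"id_token"` lacks the closing quote after `access_token` and copies `id_token` as the mapstructure key — so mapstructure has no usable tag for this field and json only happens to see `access_token` because the stray text is parsed as a tag option; the tag should read `json:"access_token",mapstructure:"access_token"` to match the `IDToken` line above. Note also that the file's comma-separated form is not what `reflect.StructTag` parses — pairs must be space-separated, as in `json:"access_token" mapstructure:"access_token"`, and `go vet` reports pairs not separated by spaces — so the mapstructure keys on every line here are presumably ignored and mapstructure falls back to case-insensitive field-name matching; that is pre-existing, but the two new lines extend it. These fields also carry upstream credentials, so a comment on the struct saying they are populated only by providers that return tokens and are serialized into the vouch JWT would help the next reader. The User struct begins outside the hunk.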