🚧 Encode user details in id token

Andreas Dinauer 2026-04-18 22:40:50 +02:00
parent 701df23c1e
commit a210b05661
2 changed files with 6 additions and 2 deletions


@ -1,6 +1,7 @@
package de.tavolio.oidc.token; package de.tavolio.oidc.token;
import de.tavolio.oidc.IssuerService; import de.tavolio.oidc.IssuerService;
import de.tavolio.realm.user.UserEntity;
import io.smallrye.jwt.build.Jwt; import io.smallrye.jwt.build.Jwt;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject; import jakarta.inject.Inject;
@ -39,12 +40,15 @@ public class UserTokenGenerator
.sign(key); .sign(key);
} }
public String generateIDToken(String realmKey, String clientId, String upn, ZonedDateTime expiresAt, PrivateKey key, String keyId) public String generateIDToken(String realmKey, String clientId, String upn, ZonedDateTime expiresAt, PrivateKey key, String keyId, UserEntity user)
{ {
return Jwt.claims() return Jwt.claims()
.upn(upn) .upn(upn)
.claim("realm_key", realmKey) .claim("realm_key", realmKey)
.claim("client_id", clientId) .claim("client_id", clientId)
.claim("email", user.getEmail())
.claim("firstname", user.getFirstname())
.claim("lastname", user.getLastname())
.expiresAt(expiresAt.toInstant()) .expiresAt(expiresAt.toInstant())
.issuer(issuerService.getIssuer(realmKey)).jws().keyId(keyId) .issuer(issuerService.getIssuer(realmKey)).jws().keyId(keyId)
.sign(key); .sign(key);
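Review bot: The three new claims are added unconditionally, so every client that receives an ID token from generateIDToken gets the user's email and name even when it never requested the `email` or `profile` scope; OIDC Core ties those claims to those scopes, and neither this hunk nor the caller shows a scope check, so unless that gating happens upstream this hands PII to any registered client. The standard claim names for these values are `email`, `given_name` and `family_name`, so relying parties that read the standard profile claims will not find `firstname`/`lastname`. The new `user` parameter is also dereferenced with no null check; `Objects.requireNonNull(user, "user");` at the top of the body would fail fast with a clear message instead of an NPE inside the builder chain, and a getter that returns null should probably be skipped rather than handed to `.claim(...)`. The method's closing brace lies outside the hunk.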


@ -69,7 +69,7 @@ public class UserTokenService
TokenResponse response = new TokenResponse() TokenResponse response = new TokenResponse()
.setAccessToken(userTokenGenerator.generateAccessToken(realm.getKey(), principal, entity.getAccount().getId(), expiresAt, signingKey, keypair.getId())) .setAccessToken(userTokenGenerator.generateAccessToken(realm.getKey(), principal, entity.getAccount().getId(), expiresAt, signingKey, keypair.getId()))
.setRefreshToken(userTokenGenerator.generateRefreshToken(realm.getKey(), principal, entity.getAccount().getId(), refreshTokenExpiresAt, signingKey, keypair.getId())) .setRefreshToken(userTokenGenerator.generateRefreshToken(realm.getKey(), principal, entity.getAccount().getId(), refreshTokenExpiresAt, signingKey, keypair.getId()))
.setIdToken(userTokenGenerator.generateIDToken(realm.getKey(), principal, entity.getAccount().getId(), expiresAt, signingKey, keypair.getId())) .setIdToken(userTokenGenerator.generateIDToken(realm.getKey(), principal, entity.getAccount().getId(), expiresAt, signingKey, keypair.getId(), entity.getAccount()))
.setTokenType("Bearer") .setTokenType("Bearer")
.setExpiresAt(expiresAt.toInstant().getEpochSecond()); .setExpiresAt(expiresAt.toInstant().getEpochSecond());
codeRepo.delete(entity); codeRepo.delete(entity);
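Review bot: `entity.getAccount()` is now evaluated a fourth time inside the builder chain on the `setIdToken` line; hoisting it once, `var account = entity.getAccount();` just before `TokenResponse response = new TokenResponse()`, and passing `account.getId()` / `account` in the three generator calls keeps the four uses consistent and shortens lines that are already far past any column limit. It also makes it visible at a glance that the same account whose id is used as the `upn` is now the source of the email and name claims placed in the ID token. The enclosing method starts and ends outside the hunk.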