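package oauth2

import (
	"errors"
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/ory/fosite"

	"edge-infra.dev/pkg/edge/iam/apperror"
	"edge-infra.dev/pkg/edge/iam/config"
)

// userInfo serves the UserInfo endpoint.
//
// It pulls the bearer token out of the request, validates it, resolves the
// token's subject and writes that subject's identity claims as a JSON 200
// response. Every failure path sets a WWW-Authenticate challenge header
// (bearer-token challenge with an error code where one applies) and returns
// an apperror status error for the caller to turn into the HTTP status;
// nothing is written to the response body on failure here.
//
// Returns nil after the 200 response has been written; otherwise a status
// error carrying 401 (missing, invalid or subject-less token) or 500
// (identity-claims lookup failed).
func (oauth2 *OAuth2) userInfo(ctx *gin.Context) error {
	userinfo := NewUserInfo(config.GetJWTStrategy(), oauth2.ProfileStorage)

	tokenFromRequest := fosite.AccessTokenFromRequest(ctx.Request)
	if len(tokenFromRequest) == 0 {
		// No credentials at all: bare challenge, no error code.
		ctx.Header("WWW-Authenticate", `Bearer realm="userinfo"`)
		return apperror.NewStatusError(errors.New("missing authorization"), http.StatusUnauthorized)
	}

	// NOTE(review): the validation error is handed through verbatim; confirm
	// apperror does not echo its message into the client response, since
	// token-parsing details are not something the caller needs.
	if err := userinfo.ValidateAccessToken(ctx, tokenFromRequest); err != nil {
		ctx.Header("WWW-Authenticate", `Bearer realm="userinfo" error="invalid_token"`)
		return apperror.NewStatusError(err, http.StatusUnauthorized)
	}

	sub, err := userinfo.GetSubject(ctx, tokenFromRequest)
	if err != nil || len(sub) == 0 {
		// A token that validates but carries no subject is treated as
		// invalid. Without this the empty-subject branch would wrap a nil
		// error, leaving the status error without a cause.
		if err == nil {
			err = errors.New("access token has no subject")
		}
		ctx.Header("WWW-Authenticate", `Bearer realm="userinfo" error="invalid_token"`)
		return apperror.NewStatusError(err, http.StatusUnauthorized)
	}

	idClaims, err := userinfo.GetIdentityClaims(ctx, sub)
	if err != nil {
		// Lookup failure, not a token problem: server_error challenge and 500.
		ctx.Header("WWW-Authenticate", `Bearer realm="userinfo" error="server_error"`)
		return apperror.NewStatusError(err, http.StatusInternalServerError)
	}

	ctx.JSON(http.StatusOK, idClaims)
	return nil
}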