1 package oauth2
2
import (
	"context"
	"encoding/json"
	"errors"
	"fmt"

	"github.com/ory/fosite/token/jwt"

	"edge-infra.dev/pkg/edge/iam/profile"
)
12
// UserInfo validates and decodes access tokens with a JWT strategy and
// turns a token subject into identity claims read from profile storage.
type UserInfo struct {
	// JWTStrategy validates (ValidateAccessToken) and decodes (GetSubject) tokens.
	JWTStrategy *jwt.RS256JWTStrategy
	// Storage is embedded; GetIdentityClaims calls GetIdentityProfile, which
	// presumably comes from it — confirm against the profile package.
	profile.Storage
}
17
// NewUserInfo returns a UserInfo that validates tokens with jwtStrategy and
// reads identity profiles from storage.
func NewUserInfo(jwtStrategy *jwt.RS256JWTStrategy, storage profile.Storage) *UserInfo {
	ui := new(UserInfo)
	ui.JWTStrategy = jwtStrategy
	ui.Storage = storage
	return ui
}
24
// ValidateAccessToken runs token through the JWT strategy's Validate and
// returns its error; the decoded token itself is discarded.
func (u *UserInfo) ValidateAccessToken(ctx context.Context, token string) error {
	if _, err := u.JWTStrategy.Validate(ctx, token); err != nil {
		return err
	}
	return nil
}
29
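// GetSubject decodes token with the JWT strategy and returns its "sub" claim.
//
// It returns an error when decoding fails or when the token carries no
// non-empty string "sub" claim. The previous unchecked type assertion
// panicked on a token without a string "sub", which any caller handling an
// externally supplied token could trigger.
//
// NOTE(review): this uses Decode, not Validate; whether Decode checks the
// signature is not visible here, so callers are presumably expected to run
// ValidateAccessToken first — confirm against the jwt strategy.
func (u *UserInfo) GetSubject(ctx context.Context, token string) (string, error) {
	decoded, err := u.JWTStrategy.Decode(ctx, token)
	if err != nil {
		return "", fmt.Errorf("decoding access token: %w", err)
	}
	// Comma-ok assertion: a missing or non-string claim is an error, not a panic.
	sub, ok := decoded.Claims["sub"].(string)
	if !ok || sub == "" {
		return "", errors.New("access token has no sub claim")
	}
	return sub, nil
}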
37
// GetIdentityClaims loads the profile stored for subject and returns it as a
// generic map with the keys rls, org, last_updated and alias removed.
// It returns an error when the lookup fails, when no profile exists, or when
// the profile cannot be round-tripped through JSON.
func (u *UserInfo) GetIdentityClaims(ctx context.Context, subject string) (map[string]interface{}, error) {
	p, err := u.GetIdentityProfile(ctx, subject)
	if err != nil {
		return nil, err
	}
	if p == nil {
		return nil, errors.New("profile doesn't exist for requested user")
	}
	// Round-trip through JSON so the profile's JSON encoding (field names and
	// tags) decides the claim names.
	raw, err := json.Marshal(p)
	if err != nil {
		return nil, err
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, err
	}
	// These profile fields are stripped before the map is handed out as claims.
	for _, key := range []string{"rls", "org", "last_updated", "alias"} {
		delete(claims, key)
	}
	return claims, nil
}
61