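package oauth2

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"

	"github.com/ory/fosite/token/jwt"

	"edge-infra.dev/pkg/edge/iam/profile"
)

// UserInfo resolves the subject of an access token and the identity claims
// stored for that subject. Token handling is delegated to JWTStrategy;
// profile lookup is delegated to the embedded profile.Storage.
type UserInfo struct {
	JWTStrategy *jwt.RS256JWTStrategy
	profile.Storage
}

// internalProfileKeys are profile fields that are never exposed as identity
// claims; GetIdentityClaims strips them after serialising the profile.
var internalProfileKeys = []string{"rls", "org", "last_updated", "alias"}

// NewUserInfo returns a UserInfo backed by the given JWT strategy and
// profile storage. Neither argument is checked for nil here.
func NewUserInfo(jwtStrategy *jwt.RS256JWTStrategy, storage profile.Storage) *UserInfo {
	return &UserInfo{
		JWTStrategy: jwtStrategy,
		Storage:     storage,
	}
}

// ValidateAccessToken returns the error reported by JWTStrategy.Validate for
// token, or nil when the token validates. The signature Validate returns is
// discarded.
func (u *UserInfo) ValidateAccessToken(ctx context.Context, token string) error {
	_, err := u.JWTStrategy.Validate(ctx, token)
	return err
}

// GetSubject decodes token with JWTStrategy.Decode and returns its "sub"
// claim. It returns an error when decoding fails or when the claim is
// absent, not a string, or empty.
//
// NOTE(review): Decode, not Validate, is used here; whether Decode also
// verifies the signature depends on the fosite version in use — callers
// that need a verified token should call ValidateAccessToken first.
func (u *UserInfo) GetSubject(ctx context.Context, token string) (string, error) {
	decoded, err := u.JWTStrategy.Decode(ctx, token)
	if err != nil {
		return "", err
	}
	return subjectFromClaims(decoded.Claims)
}

// subjectFromClaims extracts the "sub" claim from claims as a string.
// A comma-ok assertion is used so a missing or non-string claim yields an
// error instead of a runtime panic.
func subjectFromClaims(claims map[string]interface{}) (string, error) {
	raw, ok := claims["sub"]
	if !ok {
		return "", errors.New("token has no sub claim")
	}
	sub, ok := raw.(string)
	if !ok {
		return "", fmt.Errorf("sub claim has type %T, want string", raw)
	}
	if sub == "" {
		// An empty subject cannot identify a user and must not be used as a
		// profile lookup key.
		return "", errors.New("token sub claim is empty")
	}
	return sub, nil
}

// GetIdentityClaims loads the identity profile for subject and returns it as
// a generic claims map with internal profile fields removed. It returns an
// error when the lookup fails or when no profile exists for subject.
func (u *UserInfo) GetIdentityClaims(ctx context.Context, subject string) (map[string]interface{}, error) {
	// Named prof rather than profile so the profile package is not shadowed.
	prof, err := u.GetIdentityProfile(ctx, subject)
	if err != nil {
		return nil, err
	}
	if prof == nil {
		return nil, errors.New("profile doesn't exist for requested user")
	}
	return profileToClaims(prof)
}

// profileToClaims converts prof to a map via a JSON round trip (so the
// profile's json tags decide the claim names) and deletes the keys listed in
// internalProfileKeys.
func profileToClaims(prof interface{}) (map[string]interface{}, error) {
	raw, err := json.Marshal(prof)
	if err != nil {
		return nil, err
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, err
	}
	for _, key := range internalProfileKeys {
		delete(claims, key)
	}
	return claims, nil
}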