add username
to OIDC introspection response (#31688)
This field is specified as optional here: https://datatracker.ietf.org/doc/html/rfc7662#section-2.2 It's used by some OIDC integrations, e.g. https://emersion.fr/blog/2022/irc-and-oauth2/ Co-authored-by: Giteabot <teabot@gitea.io>
This commit is contained in:
parent
bae87dfb09
commit
ecc8f2b047
@ -355,6 +355,7 @@ func IntrospectOAuth(ctx *context.Context) {
|
|||||||
var response struct {
|
var response struct {
|
||||||
Active bool `json:"active"`
|
Active bool `json:"active"`
|
||||||
Scope string `json:"scope,omitempty"`
|
Scope string `json:"scope,omitempty"`
|
||||||
|
Username string `json:"username,omitempty"`
|
||||||
jwt.RegisteredClaims
|
jwt.RegisteredClaims
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -371,6 +372,9 @@ func IntrospectOAuth(ctx *context.Context) {
|
|||||||
response.Audience = []string{app.ClientID}
|
response.Audience = []string{app.ClientID}
|
||||||
response.Subject = fmt.Sprint(grant.UserID)
|
response.Subject = fmt.Sprint(grant.UserID)
|
||||||
}
|
}
|
||||||
|
if user, err := user_model.GetUserByID(ctx, grant.UserID); err == nil {
|
||||||
|
response.Username = user.Name
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -452,10 +452,12 @@ func TestOAuthIntrospection(t *testing.T) {
|
|||||||
type introspectResponse struct {
|
type introspectResponse struct {
|
||||||
Active bool `json:"active"`
|
Active bool `json:"active"`
|
||||||
Scope string `json:"scope,omitempty"`
|
Scope string `json:"scope,omitempty"`
|
||||||
|
Username string `json:"username"`
|
||||||
}
|
}
|
||||||
introspectParsed := new(introspectResponse)
|
introspectParsed := new(introspectResponse)
|
||||||
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), introspectParsed))
|
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), introspectParsed))
|
||||||
assert.True(t, introspectParsed.Active)
|
assert.True(t, introspectParsed.Active)
|
||||||
|
assert.Equal(t, "user1", introspectParsed.Username)
|
||||||
|
|
||||||
// successful request with a valid client_id/client_secret, but an invalid token
|
// successful request with a valid client_id/client_secret, but an invalid token
|
||||||
req = NewRequestWithValues(t, "POST", "/login/oauth/introspect", map[string]string{
|
req = NewRequestWithValues(t, "POST", "/login/oauth/introspect", map[string]string{
|
||||||
|
Loading…
Reference in New Issue
Block a user