diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 204248d63..7988dc96a 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -353,8 +353,9 @@ func IntrospectOAuth(ctx *context.Context) {
 }
 var response struct {
- Active bool `json:"active"`
- Scope string `json:"scope,omitempty"`
+ Active bool `json:"active"`
+ Scope string `json:"scope,omitempty"`
+ Username string `json:"username,omitempty"`
 jwt.RegisteredClaims
 }
@@ -371,6 +372,9 @@ func IntrospectOAuth(ctx *context.Context) {
 response.Audience = []string{app.ClientID}
 response.Subject = fmt.Sprint(grant.UserID)
 }
+ if user, err := user_model.GetUserByID(ctx, grant.UserID); err == nil {
+ response.Username = user.Name
+ }
 }
 }
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index c3f0abbe1..b1acf90d1 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -450,12 +450,14 @@ func TestOAuthIntrospection(t *testing.T) {
 req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
 resp = MakeRequest(t, req, http.StatusOK)
 type introspectResponse struct {
- Active bool `json:"active"`
- Scope string `json:"scope,omitempty"`
+ Active bool `json:"active"`
+ Scope string `json:"scope,omitempty"`
+ Username string `json:"username"`
 }
 introspectParsed := new(introspectResponse)
 assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), introspectParsed))
 assert.True(t, introspectParsed.Active)
+ assert.Equal(t, "user1", introspectParsed.Username)
 // successful request with a valid client_id/client_secret, but an invalid token
 req = NewRequestWithValues(t, "POST", "/login/oauth/introspect", map[string]string{
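Review bot: The added `GetUserByID` lookup in the second oauth.go hunk sits after the closing brace of the block that sets `response.Audience` and `response.Subject`, so `username` can be filled in even when that block was skipped; if that block is also where the response is marked active (its condition is outside the hunk), an inactive response would still disclose the account name. RFC 7662 section 2.2 says an authorization server should not include additional information about an inactive token, so the lookup belongs inside that block, directly after `response.Subject = fmt.Sprint(grant.UserID)`. The `err == nil` guard also drops every lookup failure silently, which makes a database error indistinguishable from a missing user; a log line on the error branch would let operators notice it.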
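Review bot: The new assertion in the oauth_test.go hunk covers only the active-token case; nothing visible checks that `username` is absent when introspection reports the token as inactive. The invalid-token case that begins at the trailing comment continues outside the hunk; assuming it decodes into a fresh `introspectResponse`, add `assert.Empty(t, introspectParsed.Username)` after its `Active` check so that a regression exposing the account name for inactive tokens fails the test.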