
Commit 2d8b889

use idToken
1 parent 01a7ea1 commit 2d8b889


1 file changed

+16
-4
lines changed


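--- a/KratosSelfService/Controllers/OAuth2Controller.cs
+++ b/KratosSelfService/Controllers/OAuth2Controller.cs
@@ -1,4 +1,5 @@
-using KratosSelfService.Models;
+using KratosSelfService.Extensions;
+using KratosSelfService.Models;
 using KratosSelfService.Services;
 using Microsoft.AspNetCore.Mvc;
 using Ory.Hydra.Client.Model;
@@ -48,7 +49,7 @@ public async Task<IActionResult> ConsentGet([FromQuery(Name = "consent_challenge
 public async Task<IActionResult> ConsentPost(
 [FromForm(Name = "consent_challenge")] string challenge,
 [FromForm] bool remember,
-[FromForm(Name = "grant_scope")] List<string> grantScopes,
+[FromForm(Name = "grant_scope")] List<string> grantScopes,
 [FromForm] string action)
 {
 if (env.HydraAdminUrl == null) return NotFound();
@@ -78,7 +79,18 @@ public async Task<IActionResult> ConsentPost(
 logger.LogDebug("Consent request was accepted by the user");
 var consentRequest = await oAuth2Api.GetOAuth2ConsentRequestAsync(challenge);
 
-var session = new HydraAcceptOAuth2ConsentRequestSession();
+var kratosSession = HttpContext.GetSession()!;
+var kratosTraits = (Dictionary<string, dynamic>)kratosSession.Identity.Traits;
+
+// https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+var idToken = new Dictionary<string, dynamic>();
+
+// TODO use configuration to dynamically map scopes to traits
+if (grantScopes.Contains("email") && kratosTraits["email"] != null)
+idToken["email"] = kratosTraits["email"];
+
+// The session allows us to set session data for id and access tokens
+var hydraSession = new HydraAcceptOAuth2ConsentRequestSession(idToken: idToken);
 
 var acceptRequest = await oAuth2Api.AcceptOAuth2ConsentRequestAsync(challenge,
 new HydraAcceptOAuth2ConsentRequest
@@ -91,7 +103,7 @@ public async Task<IActionResult> ConsentPost(
 // can peak inside the code for some ideas, but be aware that all data is fake
 // and this only exists to fake a login system which works in accordance to OpenID Connect.
 // If that variable is not set, the session will be used as-is.
-Session = session,
+Session = hydraSession,
 // ORY Hydra checks if requested audiences are allowed by the client, so we can simply echo this.
 GrantAccessTokenAudience = consentRequest.RequestedAccessTokenAudience,
 // This tells hydra to remember this consent request and allow the same client to request the same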
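Review bot: In the third hunk, `kratosTraits["email"] != null` indexes the traits dictionary directly, so an identity whose schema carries no `email` trait makes the consent POST fail with a KeyNotFoundException instead of simply omitting the claim; use the try-get form, `if (grantScopes.Contains("email") && kratosTraits.TryGetValue("email", out var email) && email is not null)` followed by `idToken["email"] = email;`. The `!` on `HttpContext.GetSession()` and the cast of `Identity.Traits` to `Dictionary<string, dynamic>` are likewise unchecked; whether either can fail depends on the GetSession extension and on how the Kratos client deserializes traits, neither of which is in the hunk, so an explicit `is not` guard that returns an error result would be safer than letting a NullReferenceException or InvalidCastException surface as a 500 on the consent endpoint. Because the claim is copied straight from an identity trait, it may also be worth emitting `email_verified` alongside it from whatever verification state the Kratos session exposes, so relying parties do not treat an unverified address as verified; the page does not show whether that data is available here. ConsentPost starts and ends outside the hunk.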
