updateSessionWithRequest takes a session and a fosite.Requester as input and returns a new session. If any errors occur, they are logged.
| 1394 | // updateSessionWithRequest takes a session and a fosite.request as input and returns a new session. |
| 1395 | // If any errors occur, they are logged. |
| 1396 | func (h *Handler) updateSessionWithRequest( |
| 1397 | ctx context.Context, |
| 1398 | flow *flow.Flow, |
| 1399 | r *http.Request, |
| 1400 | request fosite.Requester, |
| 1401 | session *Session, |
| 1402 | ) (*Session, error) { |
| 1403 | for _, scope := range flow.GrantedScope { |
| 1404 | request.GrantScope(scope) |
| 1405 | } |
| 1406 | |
| 1407 | for _, audience := range flow.GrantedAudience { |
| 1408 | request.GrantAudience(audience) |
| 1409 | } |
| 1410 | |
| 1411 | openIDKeyID, err := h.r.OpenIDJWTSigner().GetPublicKeyID(ctx) |
| 1412 | if err != nil { |
| 1413 | x.LogError(r, err, h.r.Logger()) |
| 1414 | return nil, err |
| 1415 | } |
| 1416 | |
| 1417 | var accessTokenKeyID string |
| 1418 | if h.c.AccessTokenStrategy(ctx, client.AccessTokenStrategySource(request.GetClient())) == "jwt" { |
| 1419 | accessTokenKeyID, err = h.r.AccessTokenJWTSigner().GetPublicKeyID(ctx) |
| 1420 | if err != nil { |
| 1421 | x.LogError(r, err, h.r.Logger()) |
| 1422 | return nil, err |
| 1423 | } |
| 1424 | } |
| 1425 | |
| 1426 | obfuscatedSubject, err := h.r.ConsentStrategy().ObfuscateSubjectIdentifier(ctx, request.GetClient(), flow.Subject, flow.ForceSubjectIdentifier) |
| 1427 | if err != nil { |
| 1428 | x.LogError(r, err, h.r.Logger()) |
| 1429 | return nil, err |
| 1430 | } |
| 1431 | |
| 1432 | request.SetID(flow.ConsentRequestID.String()) |
| 1433 | claims := &jwt.IDTokenClaims{ |
| 1434 | Subject: obfuscatedSubject, |
| 1435 | Issuer: h.c.IssuerURL(ctx).String(), |
| 1436 | AuthTime: time.Time(flow.LoginAuthenticatedAt), |
| 1437 | RequestedAt: flow.RequestedAt, |
| 1438 | Extra: flow.SessionIDToken, |
| 1439 | AuthenticationContextClassReference: flow.ACR, |
| 1440 | AuthenticationMethodsReferences: flow.AMR, |
| 1441 | |
| 1442 | // These are required for work around https://github.com/ory/hydra/v2/fosite/issues/530 |
| 1443 | Nonce: request.GetRequestForm().Get("nonce"), |
| 1444 | Audience: []string{request.GetClient().GetID()}, |
| 1445 | IssuedAt: time.Now().Truncate(time.Second).UTC(), |
| 1446 | |
| 1447 | // This is set by the fosite strategy |
| 1448 | // ExpiresAt: time.Now().Add(h.IDTokenLifespan).UTC(), |
| 1449 | } |
| 1450 | claims.Add("sid", flow.SessionID) |
| 1451 | |
| 1452 | if session == nil { |
| 1453 | session = &Session{} |