Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(oidc-auth): access and set claims #711

Merged
merged 5 commits into from
Aug 26, 2024
Merged

feat(oidc-auth): access and set claims #711

merged 5 commits into from
Aug 26, 2024

Conversation

ameinhardt
Copy link
Contributor

@ameinhardt ameinhardt commented Aug 24, 2024
edited
Loading

I'd like to use 'profile' scope to get additional claims from google. In order to not having to forward all id claims to the session token, this pull request proposes an "oidcClaimsHook" as environment variable. If used, it has access to the claims, actual response (i.e. for retrieving full profile from access server) and returning claims for the session token.

Define environment variable to define oauth scope instead of full scopes_supported, e.g.

OIDC_SCOPES=openid email profile

Define an oidcClaimsHook to access original claims and return the ones for session token, e.g.:

import type { IDToken, OidcAuth, TokenEndpointResponses } from '@hono/oidc-auth';

declare module 'hono' {
  interface OidcAuthClaims {
    name: string
    sub: string
  }
}

const oidcClaimsHook = async (orig: OidcAuth | undefined, claims: IDToken | undefined, _response: TokenEndpointResponses): Promise<OidcAuthClaims> => ({
  name: claims?.name as string ?? orig?.name ?? '',
  sub: claims?.sub ?? orig?.sub ?? ''
}),
...
app.get('/callback', async (c) => {
  c.set('oidcClaimsHook', oidcClaimsHook);
  return processOAuthCallback(c);
})
...
...

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 24, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 0df6385

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@hono/oidc-auth Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

yusukebe
yusukebe approved these changes Aug 26, 2024
View reviewed changes
Copy link
Member

@yusukebe yusukebe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@yusukebe
Copy link
Member

@ameinhardt

I've merged the current main and refactored about type things. Looks good. Let's go with it. Thanks!

@yusukebe yusukebe merged commit 5675a5f into honojs:main Aug 26, 2024
1 check passed
@github-actions github-actions bot mentioned this pull request Aug 25, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yusukebe yusukebe yusukebe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ameinhardt @yusukebe