Added audience override for token sent to authorization server

This commit is contained in:
David J. Allen 2024-04-29 14:50:48 -06:00
parent 20ba7bc735
commit c67c6f75a2
No known key found for this signature in database
GPG key ID: 717C593FF60A2ACC
3 changed files with 12 additions and 3 deletions


@ -23,6 +23,7 @@ type JwtBearerFlowParams struct {
// IdentityProvider *oidc.IdentityProvider
TrustedIssuer *oauth.TrustedIssuer
Client *oauth.Client
Audience []string
Refresh bool
Verbose bool
KeyPath string
@ -143,6 +144,11 @@ func NewJwtBearerFlow(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) (s
payload["exp"] = time.Now().Add(time.Second * 3600 * 16).Unix()
payload["sub"] = "opaal"
// if an "audience" value is set, then override the token endpoint value
if len(params.Audience) > 0 {
payload["aud"] = params.Audience
}
// include the offline_access scope if refresh tokens are enabled
if params.Refresh {
v, ok := payload["scope"]