Added auth route with basic debug information only at this
time
This commit is contained in:
60
src/api/routes/auth.js
Normal file
60
src/api/routes/auth.js
Normal file
@@ -0,0 +1,60 @@
|
||||
import { Router } from "express";
|
||||
import { logger } from "../../utils/index.js";
|
||||
import { decode } from "jsonwebtoken";
|
||||
import jwt from "jsonwebtoken";
|
||||
import base64url from "base64url";
|
||||
import jwkToPem from "jwk-to-pem";
|
||||
|
||||
const router = Router();
|
||||
|
||||
router.post("/", (req, res) => {
|
||||
logger.debug("Auth route called");
|
||||
logger.debug("Headers:");
|
||||
logger.debug(JSON.stringify(req.headers, null, 2));
|
||||
logger.debug("Query:");
|
||||
logger.debug(JSON.stringify(req.query, null, 2));
|
||||
logger.debug("Body:");
|
||||
logger.debug(JSON.stringify(req.body, null, 2));
|
||||
var authHeader = req.headers.authorization;
|
||||
const prefix = "OIDC_id_token ";
|
||||
if (authHeader.startsWith(prefix)) {
|
||||
var token = authHeader.substring(prefix.length, authHeader.length);
|
||||
|
||||
// base64 should be URL encoded and padding should be removed.
|
||||
token = base64url.fromBase64(token.replace(/=/g, ""));
|
||||
|
||||
const jwk = {
|
||||
alg: "RS256",
|
||||
e: "AQAB",
|
||||
kid: "3818ed312ed8da55defd3a3fb48f56431ac1c02a3f6d2ad25c409fa0905457e9",
|
||||
kty: "RSA",
|
||||
n: "AKHh-mvG1TFYBn0nxSFPtU0PEG7fd27MGRWG92nP_FSXyLyMyIeUxKUWg5t1-2wK2ue8Z3lq8G9YqnoHfTmnKDT_zLESlKlAgx9KNeumedEQu18KyoGXK9eqnwNkV05sWGqMN4OXzp3s88o07ni2KDXiEv4UTBJP44VPDQlrophYNxA0H_BpedXUqd8J0hSheDwL_b_lktZDZB2UrgspadGPAsLLM7DRajmzB8sGXe0TZSD0jB2YnJAJZrNKzAbDeRPY4kHwt23_uM3Sa-cQe_mfQY1jkBJkz6ullCU-8twD3p3Ckdeq1g5duCD0vqPPXn5OCP8DsRpziOQSlv9p7c0=",
|
||||
use: "sig",
|
||||
};
|
||||
|
||||
var pem = jwkToPem(jwk);
|
||||
|
||||
try {
|
||||
const verified = jwt.verify(token, pem, { algorithms: ["RS256"] });
|
||||
logger.debug(`Verified [${JSON.stringify(verified, null, 2)}]`);
|
||||
} catch (err) {
|
||||
logger.error(
|
||||
`verify failed [${JSON.stringify(
|
||||
err,
|
||||
null,
|
||||
2
|
||||
)}]. This is most likely because we modified the token to be URL Base64 compatible during processing`
|
||||
);
|
||||
}
|
||||
|
||||
const decoded = decode(token);
|
||||
logger.debug(`Decoded [${JSON.stringify(decoded, null, 2)}]`);
|
||||
res.send(decoded);
|
||||
return;
|
||||
} else {
|
||||
//Error
|
||||
}
|
||||
res.send({});
|
||||
});
|
||||
|
||||
export default router;
|
||||
@@ -1,10 +1,12 @@
|
||||
import { Router } from "express";
|
||||
import config from "./config.js";
|
||||
import auth from "./auth.js";
|
||||
import interactionsFlows from "./interactions-flow.js";
|
||||
import udg from "./unified-data-gateway.js";
|
||||
const router = Router();
|
||||
|
||||
router.use("/config", config);
|
||||
router.use("/auth", auth);
|
||||
router.use("/interactions-flow", interactionsFlows);
|
||||
router.use("/unified-data-gateway", udg);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user