FEATURE: users can now login via an openID client

2021-07-27 16:37:01 +02:00 · 2021-07-27 16:37:01 +02:00 · 9c803a69ff
commit 9c803a69ff
parent 74975ac9d8
26 changed files with 866 additions and 1536 deletions
--- a/pusher/src/Services/OpenIDClient.ts
+++ b/pusher/src/Services/OpenIDClient.ts
@ -0,0 +1,43 @@
+import { Issuer, Client } from "openid-client";
+import { OPID_CLIENT_ID, OPID_CLIENT_SECRET, OPID_CLIENT_ISSUER, FRONT_URL } from "../Enum/EnvironmentVariable";
+
+const opidRedirectUri = FRONT_URL + "/jwt";
+
+class OpenIDClient {
+    private issuerPromise: Promise<Client> | null = null;
+
+    private initClient(): Promise<Client> {
+        if (!this.issuerPromise) {
+            this.issuerPromise = Issuer.discover(OPID_CLIENT_ISSUER).then((issuer) => {
+                return new issuer.Client({
+                    client_id: OPID_CLIENT_ID,
+                    client_secret: OPID_CLIENT_SECRET,
+                    redirect_uris: [opidRedirectUri],
+                    response_types: ["code"],
+                });
+            });
+        }
+        return this.issuerPromise;
+    }
+
+    public authorizationUrl(state: string, nonce: string) {
+        return this.initClient().then((client) => {
+            return client.authorizationUrl({
+                scope: "openid email",
+                prompt: "login",
+                state: state,
+                nonce: nonce,
+            });
+        });
+    }
+
+    public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string }> {
+        return this.initClient().then((client) => {
+            return client.callback(opidRedirectUri, { code }, { nonce }).then((tokenSet) => {
+                return client.userinfo(tokenSet);
+            });
+        });
+    }
+}
+
+export const openIDClient = new OpenIDClient();