Merge pull request #171 from AI-READI/auth-claims-error-handling

adding "otherMails"
AI-READI · Dec 19, 2024 · 1cf0d6e · 1cf0d6e
2 parents 9840bde + c687f19
commit 1cf0d6e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 11 deletions.
diff --git a/nuxt.config.ts b/nuxt.config.ts
@@ -103,11 +103,13 @@ export default defineNuxtConfig({
             : "https://fairhub.io",
       ENTRA_CONFIG: {
         authority:
-          "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TRUSTFRAMEWORKBASE_CILOGON_IDP_RESTRICTED",
+          process.env.NUXT_SITE_ENV === "production"
+            ? "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TRUSTFRAMEWORKBASE_CILOGON_IDP_RESTRICTED"
+            : "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TrustFrameworkBase_STAGING",
         clientId:
-          process.env.NUXT_SITE_ENV === "dev"
-            ? "444bfea9-2fec-44ed-a4d7-767616afa9a3"
-            : "d173c9cb-36ce-4c77-92f3-025e48f0e533",
+          process.env.NUXT_SITE_ENV === "production"
+            ? "d173c9cb-36ce-4c77-92f3-025e48f0e533"
+            : "444bfea9-2fec-44ed-a4d7-767616afa9a3",
         forbiddenUri:
           process.env.NUXT_SITE_ENV === "dev"
             ? "http://localhost:3000/forbiddenlogin"

diff --git a/server/routes/login.get.ts b/server/routes/login.get.ts
@@ -59,8 +59,16 @@ function getEmail(tokenResponse: AuthenticationResult): string {
     const emails = getTokenClaim({ ...tokenResponse.idTokenClaims }, "emails");
     email =
       Array.isArray(emails) && typeof emails[0] === "string" ? emails[0] : "";
+  } else if ("otherMails" in tokenResponse.idTokenClaims) {
+    const otherMails = getTokenClaim(
+      { ...tokenResponse.idTokenClaims },
+      "otherMails",
+    );
+    email =
+      Array.isArray(otherMails) && typeof otherMails[0] === "string"
+        ? otherMails[0]
+        : "";
   }
-
   return email;
 }
 
@@ -89,8 +97,6 @@ async function convertTokenResponse(tokenResponse: AuthenticationResult) {
     given_name: getStringTokenClaim(indexableClaims, "given_name"),
     idp: getStringTokenClaim(indexableClaims, "idp"),
     issuer,
-    organization: getStringTokenClaim(indexableClaims, "organization"),
-    phone: getStringTokenClaim(indexableClaims, "phone"),
     subject,
   });
 
@@ -172,11 +178,8 @@ export default defineEventHandler(async (event) => {
 
     const idpType = checkTokenIdPIsValid(tokenResponse);
 
-    console.log(`Got here with IDPTYPE: ${idpType}`);
-
     // check token for forbidden IdPs
     if (idpType === "valid") {
-      console.log("valid");
       const sessionUserDetails = await convertTokenResponse(tokenResponse);
       const tokenExpiration = getTokenExpiration(tokenResponse);
       await session.update({

diff --git a/types/download.d.ts b/types/download.d.ts
@@ -5,7 +5,9 @@ type SessionUserDetails = Omit<
   "created_at" | "updated_on"
 >;
 
-type LoginTokenClaims = Omit<SessionUserDetails, "id">;
+type LoginTokenClaims = Omit<
+  SessionUserDetails,
+  "id" | "phone" | "organization">;
 
 type Attestation = {
   id: string;