From 0e1dca28c4736ca84e26b6cd5ec272cdc96e7914 Mon Sep 17 00:00:00 2001
From: Eamon Dysinger
Date: Wed, 18 Dec 2024 09:23:38 -0800
Subject: [PATCH 1/2] 12/18/2024: added otherMails claim to return user-specified email when no email claim is returned from IdP, and logic to select the first of those returned otherMails as email as last choice

---
 nuxt.config.ts | 10 ++++++----
 server/routes/login.get.ts | 15 +++++++++------
 server/utils/getOrCreateUserDetails.ts | 2 --
 types/download.d.ts | 4 +++-
 4 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/nuxt.config.ts b/nuxt.config.ts
index 1104c7f..0037928 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -107,11 +107,13 @@ export default defineNuxtConfig({
         : "https://fairhub.io",
       ENTRA_CONFIG: {
         authority:
-          "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TRUSTFRAMEWORKBASE_CILOGON_IDP_RESTRICTED",
+          process.env.NUXT_SITE_ENV === "production"
+            ? "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TRUSTFRAMEWORKBASE_CILOGON_IDP_RESTRICTED"
+            : "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TrustFrameworkBase_STAGING",
         clientId:
-          process.env.NUXT_SITE_ENV === "dev"
-            ? "444bfea9-2fec-44ed-a4d7-767616afa9a3"
-            : "d173c9cb-36ce-4c77-92f3-025e48f0e533",
+          process.env.NUXT_SITE_ENV === "production"
+            ? "d173c9cb-36ce-4c77-92f3-025e48f0e533"
+            : "444bfea9-2fec-44ed-a4d7-767616afa9a3",
         forbiddenUri:
           process.env.NUXT_SITE_ENV === "dev"
             ? "http://localhost:3000/forbiddenlogin"
diff --git a/server/routes/login.get.ts b/server/routes/login.get.ts
index f3142da..3b2b99f 100644
--- a/server/routes/login.get.ts
+++ b/server/routes/login.get.ts
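Review bot: `authority` and `clientId` now branch on `NUXT_SITE_ENV === "production"`, but `forbiddenUri` in the context lines directly below still branches on `=== "dev"`, so any third value (a staging setting, or the variable left unset) yields the staging B2C policy and the non-production client id paired with the production forbidden-login URL. One discriminator should drive the whole ENTRA_CONFIG block, e.g. `const isProd = process.env.NUXT_SITE_ENV === "production";` declared above the exported config and used for all three fields. Falling back to the staging authority when the variable is missing is the safe direction, but it is a deliberate choice and deserves a comment on the `authority` key such as `// anything other than "production" (including unset) targets the staging B2C policy`. The enclosing config object starts and ends outside the hunk.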
@@ -59,8 +59,16 @@ function getEmail(tokenResponse: AuthenticationResult): string {
     const emails = getTokenClaim({ ...tokenResponse.idTokenClaims }, "emails");
     email =
       Array.isArray(emails) && typeof emails[0] === "string" ? emails[0] : "";
+  } else if ("otherMails" in tokenResponse.idTokenClaims) {
+    const otherMails = getTokenClaim(
+      { ...tokenResponse.idTokenClaims },
+      "otherMails",
+    );
+    email =
+      Array.isArray(otherMails) && typeof otherMails[0] === "string"
+        ? otherMails[0]
+        : "";
   }
-
   return email;
 }
@@ -89,8 +97,6 @@ async function convertTokenResponse(tokenResponse: AuthenticationResult) {
     given_name: getStringTokenClaim(indexableClaims, "given_name"),
     idp: getStringTokenClaim(indexableClaims, "idp"),
     issuer,
-    organization: getStringTokenClaim(indexableClaims, "organization"),
-    phone: getStringTokenClaim(indexableClaims, "phone"),
     subject,
   });
@@ -172,11 +178,8 @@ export default defineEventHandler(async (event) => {
     const idpType = checkTokenIdPIsValid(tokenResponse);
-    console.log(`Got here with IDPTYPE: ${idpType}`);
-
     // check token for forbidden IdPs
     if (idpType === "valid") {
-      console.log("valid");
       const sessionUserDetails = await convertTokenResponse(tokenResponse);
       const tokenExpiration = getTokenExpiration(tokenResponse);
       await session.update({
diff --git a/server/utils/getOrCreateUserDetails.ts b/server/utils/getOrCreateUserDetails.ts
index 43626b0..dff77f2 100644
--- a/server/utils/getOrCreateUserDetails.ts
+++ b/server/utils/getOrCreateUserDetails.ts
@@ -21,8 +21,6 @@ export async function findOrCreateUserDetails(
     given_name: true,
     idp: true,
     issuer: true,
-    organization: true,
-    phone: true,
     subject: true,
   };
diff --git a/types/download.d.ts b/types/download.d.ts
index ad54430..f00d8b1 100644
--- a/types/download.d.ts
+++ b/types/download.d.ts
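Review bot: The new `else if ("otherMails" in tokenResponse.idTokenClaims)` branch returns a user-maintained address through the same bare string as the IdP-asserted `email`/`emails` claims — the commit message itself calls it user-specified — so callers of getEmail can no longer distinguish a verified address from an unverified one; if that value is used to match or link an existing account rather than only for display, the branch should be gated on a verification signal or the caller told which claim supplied it. At minimum, record the trust difference above the branch: `// otherMails is user-maintained, not asserted by the IdP; last resort only`. Independently, the selection inspects index 0 only, so an array whose first entry is an empty string or a non-string yields "" even when a usable address follows; `Array.isArray(otherMails) ? (otherMails.find((m): m is string => typeof m === "string" && m !== "") ?? "") : ""` picks the first usable entry instead. getEmail's signature and its earlier branches are above the hunk.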
@@ -5,7 +5,9 @@ type SessionUserDetails = Omit<
   "created_at" | "updated_on"
 >;
-type LoginTokenClaims = Omit;
+type LoginTokenClaims = Omit<
+  SessionUserDetails,
+  "id" | "phone" | "organization">;
 type Attestation = {
   id: string;

From c687f19bc048ce1de4f403d5a74dcf5f84216934 Mon Sep 17 00:00:00 2001
From: Eamon Dysinger
Date: Wed, 18 Dec 2024 16:37:28 -0800
Subject: [PATCH 2/2] re-adding organization and phone attributes to selectProps

---
 server/utils/getOrCreateUserDetails.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/utils/getOrCreateUserDetails.ts b/server/utils/getOrCreateUserDetails.ts
index dff77f2..43626b0 100644
--- a/server/utils/getOrCreateUserDetails.ts
+++ b/server/utils/getOrCreateUserDetails.ts
@@ -21,6 +21,8 @@ export async function findOrCreateUserDetails(
     given_name: true,
     idp: true,
     issuer: true,
+    organization: true,
+    phone: true,
     subject: true,
   };
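Review bot: The rebuilt `LoginTokenClaims` closes the generic on the member line (`"id" | "phone" | "organization">;`), whereas `SessionUserDetails` in the context lines above puts `>;` on its own line; keep the two aliases formatted alike, i.e. `  "id" | "phone" | "organization"` followed by `>;` on the next line. Since `phone` and `organization` are now excluded from the login claims but re-selected from the user record in PATCH 2/2, a one-line comment on the alias would stop the next reader from re-adding them here: `// phone and organization are read from the user record (selectProps), not from token claims`.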
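Review bot: This hunk restores the `organization: true` and `phone: true` select entries that PATCH 1/2 removed from the same object, so the net change to this file across the series is nothing; squashing the two commits would leave a cleaner history. PATCH 1/2 also dropped both fields from convertTokenResponse's claim object, so for a user created from token claims these selected columns presumably come back unset unless something outside this diff populates them — worth confirming, and a comment next to the two entries stating where those values are expected to come from would make the intent explicit. findOrCreateUserDetails's signature is above the hunk and the function continues below it.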