we get closer

2023-11-06 19:59:31 +01:00 · 2023-11-06 19:59:31 +01:00 · ab2d527dbd
commit ab2d527dbd
parent 5828a9a5a2
2 changed files with 13 additions and 2 deletions
--- a/internal/provider/oidc.go
+++ b/internal/provider/oidc.go
@ -90,6 +90,7 @@ func (o *OIDC) ExchangeCode(redirectURI, code string) (string, error) {
 // GetUser uses the given token and returns a complete provider.User object
 func (o *OIDC) GetUser(token string) (User, error) {
 	var user User
+  var roles Roles

 	// Parse & Verify ID Token
 	idToken, err := o.verifier.Verify(o.ctx, token)
@ -104,8 +105,14 @@ func (o *OIDC) GetUser(token string) (User, error) {
 	if err := idToken.Claims(&user); err != nil {
 		return user, err
 	}
-
 	o.log.WithField("user", user).Debug("getUser")

-	return user, nil
+	if err := idToken.Claims(&roles); err != nil {
+		return user, err
+	}
+	o.log.WithField("roles", roles).Debug("getUser")
+
+
+  return user, errors.New("access denied")
+//	return user, nil
 }
--- a/internal/provider/providers.go
+++ b/internal/provider/providers.go
@ -33,6 +33,10 @@ type User struct {
 	Email string `json:"email"`
 }

+type Roles struct {
+  Roles []string `json:"roles"`
+}
+
 // OAuthProvider is a provider using the oauth2 library
 type OAuthProvider struct {
 	Resource string `long:"resource" env:"RESOURCE" description:"Optional resource indicator"`