From ab2d527dbdfa342b783d5b75002a04fda24cafeb Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Mon, 6 Nov 2023 19:59:31 +0100
Subject: [PATCH] we get closer

---
 internal/provider/oidc.go      | 11 +++++++++--
 internal/provider/providers.go |  4 ++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/internal/provider/oidc.go b/internal/provider/oidc.go
index b8bbbb6..880b7ed 100644
--- a/internal/provider/oidc.go
+++ b/internal/provider/oidc.go
@@ -90,6 +90,7 @@ func (o *OIDC) ExchangeCode(redirectURI, code string) (string, error) {
 // GetUser uses the given token and returns a complete provider.User object
 func (o *OIDC) GetUser(token string) (User, error) {
 	var user User
+	var roles Roles
 
 	// Parse & Verify ID Token
 	idToken, err := o.verifier.Verify(o.ctx, token)
@@ -104,8 +105,14 @@ func (o *OIDC) GetUser(token string) (User, error) {
 	if err := idToken.Claims(&user); err != nil {
 		return user, err
 	}
-	o.log.WithField("user", user).Debug("getUser")
-	return user, nil
+	if err := idToken.Claims(&roles); err != nil {
+		return user, err
+	}
+	o.log.WithField("roles", roles).Debug("getUser")
+
+
+	return user, errors.New("access denied")
+//	return user, nil
 }
 
 
diff --git a/internal/provider/providers.go b/internal/provider/providers.go
index 1acfff2..558e776 100644
--- a/internal/provider/providers.go
+++ b/internal/provider/providers.go
@@ -33,6 +33,10 @@ type User struct {
 	Email string `json:"email"`
 }
 
+type Roles struct {
+	Roles []string `json:"roles"`
+}
+
 // OAuthProvider is a provider using the oauth2 library
 type OAuthProvider struct {
 	Resource string `long:"resource" env:"RESOURCE" description:"Optional resource indicator"`
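Review bot: `return user, errors.New("access denied")` makes GetUser fail for every caller regardless of what `roles` contains, so after this commit no login can succeed; the roles just decoded are logged but never consulted, and the intended role check (together with the commented-out `// return user, nil` beneath it) should replace this line before the change is merged. On the denied path return the zero value, `return User{}, errors.New("access denied")`, rather than the populated `user`, so callers cannot act on a User that came back with a non-nil error. The claims are read from `idToken`, which `o.verifier.Verify` has already checked in the first hunk, so the roles are suitable input for an authorization decision, but the import block is outside the hunk: confirm `errors` is imported in oidc.go, since nothing visible here adds it. The two blank lines before the return and the commented-out line should also be dropped, and GetUser's body starts before this hunk.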
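Review bot: The exported `Roles` type has no doc comment; add `// Roles holds the "roles" claim of a verified ID token, decoded separately from User.` above it. The `roles` claim is not one of the standard OIDC claims, so presumably its name depends on how the identity provider is configured; if so, the claim name may belong in the provider options rather than fixed in the struct tag.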