♻️ Separate application domain and token issuer
@ -12,7 +12,7 @@ func getOidcConfiguration(c *fiber.Ctx) error {
|
||||
basepath := fmt.Sprintf("https://%s", domain)
|
||||
|
||||
return c.JSON(fiber.Map{
|
||||
"issuer": basepath,
|
||||
"issuer": viper.GetString("security.issuer"),
|
||||
"authorization_endpoint": fmt.Sprintf("%s/authorize", basepath),
|
||||
"token_endpoint": fmt.Sprintf("%s/api/auth/token", basepath),
|
||||
"userinfo_endpoint": fmt.Sprintf("%s/api/users/me", basepath),
|
||||
|
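Review bot: The new `"issuer": viper.GetString("security.issuer")` line publishes the config value unchecked, and `viper.GetString` returns an empty string for an unset key, so a deployment that has not yet added `security.issuer` would advertise an empty issuer while the endpoints below are still built from `basepath`. The same unchecked read becomes the `iss` claim in the `EncodeJwt` hunk, so relying parties that compare the discovery issuer with the token `iss` would reject logins, and those that skip the comparison would get tokens with no usable issuer binding. I would read the key once at startup, refuse to start unless it is a non-empty `https://` URL, and have both call sites use that value, e.g. `if iss := viper.GetString("security.issuer"); !strings.HasPrefix(iss, "https://") { log.Fatal("security.issuer must be an https URL") }`. It is also worth confirming that `<issuer>/.well-known/openid-configuration` still reaches this handler once the issuer host differs from `domain`. The body of `getOidcConfiguration` continues outside the hunk.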
@ -20,7 +20,7 @@ type PayloadClaims struct {
|
||||
Nick string `json:"preferred_username,omitempty"`
|
||||
Email string `json:"email,omitempty"`
|
||||
|
||||
// Additonal Stuff
|
||||
// Additional Stuff
|
||||
AuthorizedParties string `json:"azp,omitempty"`
|
||||
Nonce string `json:"nonce,omitempty"`
|
||||
Type string `json:"typ"`
|
||||
@ -44,7 +44,7 @@ func EncodeJwt(id string, typ, sub, sed string, nonce *string, aud []string, exp
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
Subject: sub,
|
||||
Audience: aud,
|
||||
Issuer: fmt.Sprintf("https://%s", viper.GetString("domain")),
|
||||
Issuer: viper.GetString("security.issuer"),
|
||||
ExpiresAt: jwt.NewNumericDate(exp),
|
||||
NotBefore: jwt.NewNumericDate(time.Now()),
|
||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||
|
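Review bot: `Issuer: viper.GetString("security.issuer")` changes the `iss` of every newly minted token, but no hunk on this page touches the code that verifies tokens, so it is not visible whether verification pins `iss` to the same key. If it does, tokens issued before the deploy (carrying `https://<domain>`) stop validating; if `iss` is not checked at all, the claim does nothing to separate this service's tokens from any other token signed with the same key. The `InternalTokenAudience` hunk below has the same rollover effect, since tokens whose `aud` is `passport` no longer match `solar-network`. I would document the expected rollover and add a comment on the field such as `// Issuer must equal the value the verifier and the OIDC discovery document use (security.issuer).` `EncodeJwt` starts and ends outside the hunk.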
@ -11,7 +11,7 @@ import (
|
||||
"github.com/samber/lo"
|
||||
)
|
||||
|
||||
const InternalTokenAudience = "passport"
|
||||
const InternalTokenAudience = "solar-network"
|
||||
|
||||
func DetectRisk(user models.Account, ip, ua string) bool {
|
||||
var clue int64
|
||||
|