append token data also in introspection

256dpi · Nov 26, 2019 · 0588120 · 0588120
1 parent f867126
commit 0588120
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/flame/authenticator.go b/flame/authenticator.go
@@ -816,6 +816,12 @@ func (a *Authenticator) introspectionEndpoint(env *environment) {
 			return
 		}
 
+		// get resource owner
+		var resourceOwner ResourceOwner
+		if data.ResourceOwnerID != nil {
+			resourceOwner = a.getFirstResourceOwner(env, client, *data.ResourceOwnerID)
+		}
+
 		// get validity
 		expired := data.ExpiresAt.Before(time.Now())
 
@@ -834,6 +840,7 @@ func (a *Authenticator) introspectionEndpoint(env *environment) {
 			res.ExpiresAt = data.ExpiresAt.Unix()
 			res.IssuedAt = token.ID().Timestamp().Unix()
 			res.Identifier = token.ID().Hex()
+			res.Extra = a.policy.TokenData(client, resourceOwner, token)
 		}
 	}
 

diff --git a/flame/policy.go b/flame/policy.go
@@ -86,7 +86,8 @@ type Policy struct {
 	ApproveStrategy func(GenericToken, oauth2.Scope, Client, ResourceOwner) (oauth2.Scope, error)
 
 	// TokenData may return a map of data that should be included in the
-	// generated JWT tokens as the "dat" field.
+	// generated JWT tokens as the "dat" field as well as in the token
+	// introspection's response "extra" field.
 	TokenData func(Client, ResourceOwner, GenericToken) map[string]interface{}
 
 	// The token and code lifespans.