authorMartin Schanzenbach <mschanzenbach@posteo.de>2020-08-03 21:43:21 +0200
committerMartin Schanzenbach <mschanzenbach@posteo.de>2020-08-03 21:43:21 +0200
commitba2050750fcb0b5c7919fda98bca4f7c13a36d14 (patch)
tree89c17431199de07f3dffb83d35660547bdd82b4e /src/reclaim
parentd973912f2f316fafecd03bdd8522c003cc89cb8a (diff)
-fix userinfo sub claim
Diffstat (limited to 'src/reclaim')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index e54473162..3db881244 100644
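--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -2279,7 +2279,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 char *authorization_type;
 char *authorization_access_token;
 struct GNUNET_RECLAIM_Ticket *ticket;
-const struct EgoEntry *ego_entry;
+const struct EgoEntry *aud_ego;
+const struct EgoEntry *iss_ego;
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
 
 GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
@@ -2340,8 +2341,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 ticket =
 GNUNET_CONTAINER_multihashmap_get (OIDC_access_token_map, &cache_key);
 GNUNET_assert (NULL != ticket);
-ego_entry = find_ego (handle, &ticket->audience);
-if (NULL == ego_entry)
+aud_ego = find_ego (handle, &ticket->audience);
+iss_ego = find_ego (handle, &ticket->identity);
+if ((NULL == aud_ego) || (NULL == iss_ego))
 {
 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
 handle->edesc = GNUNET_strdup ("The access token expired");
@@ -2355,8 +2357,9 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 handle->oidc->response = json_object ();
 json_object_set_new (handle->oidc->response,
 "sub",
-json_string (ego_entry->keystring));
-privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+json_string (iss_ego->keystring));
+privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego);
+
 handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
 privkey,
 ticket,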
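Review bot: The widened guard `if ((NULL == aud_ego) || (NULL == iss_ego))` still answers with `"The access token expired"`, although on this path the token was found in `OIDC_access_token_map` and what failed is a `find_ego` lookup for one of the ticket's keys. Since `iss_ego` is only read for `keystring`, it is worth checking whether `sub` should depend on that lookup succeeding at all, and the two failures should at least be logged separately so an operator can tell a stale token from an unresolved ego. Swapping the two roles is the bug this commit fixes, so I would pin them at the declarations with a comment such as `/* aud_ego: ticket audience, its private key consumes the ticket; iss_ego: ticket identity, its key string is the "sub" claim */`. OpenID Connect clients compare the UserInfo `sub` against the ID token `sub`, so please confirm the ID token path emits the same key string for `ticket->identity`; that code, like the start and end of `userinfo_endpoint`, is outside the hunks shown.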