RaspberryPiFoundation/omniauth-rpi

Auth Bypass should return an access token


We're using access tokens more and more, but the stubbed RpiAuthBypass module doesn't return a full set of data.

If I log in via profile, I get the following set of data back:

{
  "provider": "rpi",
  "uid": "db157643-bf50-4cd4-822a-cc022f128f17",
  "info": {
    "email": "john.doe@example.com",
    "username": "",
    "name": "John Doe",
    "nickname": "John",
    "image": "http://localhost:3002/profile/db157643-bf50-4cd4-822a-cc022f128f17/avatar"
  },
  "credentials": {
    "token": "RXqz8MmncROv8uo-uvkM2HZuYi6jNElWd9rxSUn-32g.5aRhpP4DwV1SsmFwI4LwkERvmGk0hUo2wIf5gosVxrg",
    "expires_at": 1670001627,
    "expires": true
  },
  "extra": {
    "raw_info": {
      "at_hash": "yDbc0aFcNfNXgJ0CgbvZHA",
      "aud": [
        "coderdojo-frontend-dev"
      ],
      "auth_time": 1669998027,
      "country": "United Kingdom",
      "country_code": "GB",
      "email": "john.doe@example.com",
      "email_verified": true,
      "exp": 1670001628,
      "iat": 1669998028,
      "iss": "http://localhost:9001/",
      "jti": "9f010af3-5b73-4b9b-94d3-cf1825163df6",
      "name": "John Doe",
      "nickname": "John",
      "nonce": "",
      "picture": "http://localhost:3002/profile/db157643-bf50-4cd4-822a-cc022f128f17/avatar",
      "postcode": null,
      "profile": "http://localhost:3002/profile",
      "rat": 1669998016,
      "roles": "",
      "sid": "4effdaad-0854-4bab-857c-6451beac60e6",
      "sub": "db157643-bf50-4cd4-822a-cc022f128f17",
      "user": "db157643-bf50-4cd4-822a-cc022f128f17",
      "username": ""
    }
  }
}

If I enable "auth bypass", I get:

{
  "provider": "rpi",
  "uid": "b6301f34-b970-4d4f-8314-f877bad8b150",
  "info": {
    "name": "Web Team",
    "nickname": "Web",
    "email": "web@raspberrypi.org",
    "username": "webteam",
    "image": "https://www.placecage.com/200/200"
  },
  "extra": {
    "raw_info": {
      "roles": "user",
      "name": "Web Team",
      "nickname": "Web",
      "email": "web@raspberrypi.org",
      "username": "webteam",
      "country": "United Kingdom",
      "country_code": "GB",
      "postcode": "SW1A 1AA",
      "profile": "https://profile.raspberrypi.org/not/a/real/path",
      "avatar": "https://www.placecage.com/200/200"
    }
  }
}

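One of the bits that is missing in the second lot of data (amongst others) is the `credentials` entry (`token`, `expires_at`, `expires`). For bypass to work in coderdojo-frontend (amongst others), the credentials hash is needed. The other differences visible above are in `raw_info`: the bypass data has none of the token claims a real login returns (`sub`, `aud`, `iss`, `exp`, `iat`, `sid`, `email_verified` and so on), and it exposes the avatar URL as `avatar` rather than `picture`. Because the bypass is a stub, the token it returns should be a fixed, obviously fake placeholder rather than a value any real identity provider would accept.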