-rw-r--r--VPNAuth.Server/Api/Oidc.cs31
1 files changed, 22 insertions, 9 deletions
diff --git a/VPNAuth.Server/Api/Oidc.cs b/VPNAuth.Server/Api/Oidc.cs
index 8b984c7..e8ff3c0 100644
--- a/VPNAuth.Server/Api/Oidc.cs
+++ b/VPNAuth.Server/Api/Oidc.cs
@@ -38,6 +38,12 @@ public static class Oidc
return;
}
+ if (!tokenDbEntry.Scopes.Contains("openid"))
+ {
+ context.Response.StatusCode = StatusCodes.Status403Forbidden;
+ return;
+ }
+
var userInformation = db.UserInformation
.Where(entry => entry.Sub == tokenDbEntry.Username)
.ToList()
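Review bot: The new `tokenDbEntry.Scopes.Contains("openid")` guard depends on the type of `Scopes`, which is not visible in this hunk: if it is a space-delimited string rather than a collection, `Contains` is a substring match, and a token whose scope list merely contains the text `openid` inside a longer scope name would pass. The same applies to the `"profile"` and `"email"` checks in the second hunk. If it is a string, compare whole tokens instead, e.g. `tokenDbEntry.Scopes.Split(' ').Contains("openid")`. Separately, RFC 6750 expects an insufficient-scope 403 to say so, so consider adding `context.Response.Headers["WWW-Authenticate"] = "Bearer error=\"insufficient_scope\"";` before the `return`. The enclosing handler starts and ends outside the hunk.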
@@ -49,15 +55,22 @@ public static class Oidc
return;
}
- context.Response.WriteAsJsonAsync(new UserInfo
+ var userInfoResponse = new UserInfo();
+
+ if (tokenDbEntry.Scopes.Contains("profile"))
{
- Email = userInformation.Email,
- GivenName = userInformation.GivenName,
- FamilyName = userInformation.FamilyName,
- Name = userInformation.Name,
- Picture = userInformation.Picture,
- PreferredUsername = userInformation.PreferredUsername,
- Sub = userInformation.Sub
- });
+ userInfoResponse.GivenName = userInformation.GivenName;
+ userInfoResponse.FamilyName = userInformation.FamilyName;
+ userInfoResponse.Name = userInformation.Name;
+ userInfoResponse.Picture = userInformation.Picture;
+ userInfoResponse.PreferredUsername = userInformation.PreferredUsername;
+ }
+
+ if (tokenDbEntry.Scopes.Contains("email"))
+ userInfoResponse.Email = userInformation.Email;
+
+ userInfoResponse.Sub = userInformation.Sub;
+
+ await context.Response.WriteAsJsonAsync(userInfoResponse);
}
}
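Review bot: Claims withheld by the scope checks are only left unset on `userInfoResponse`, so unless `UserInfo` (declared outside this diff) is configured to skip nulls, `WriteAsJsonAsync` will probably still emit them as `"email": null` and similar, where a UserInfo response should omit the members entirely. Marking the optional properties with `[JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]` would fix that, assuming they are nullable. The `if (tokenDbEntry.Scopes.Contains("email"))` statement is also the only unbraced `if` in the change; adding braces would match the `"profile"` block above it. The method's beginning lies outside the hunk.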