
Merge pull request #12 from RADAR-base/feat/consent-module
Add initial hydra consent module
mpgxvii authored Sep 3, 2024
2 parents b9b9428 + a3b29e5 commit f4cde4f
Showing 6 changed files with 331 additions and 45 deletions.
120 changes: 78 additions & 42 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -20,7 +20,7 @@
"module": "dist/index.mjs",
"typings": "dist/index.d.ts",
"dependencies": {
"@ory/client": "^0.0.0-next.f88d10559361",
"@ory/client": "1.6.2",
"@ory/integrations": "0.2.8",
"@ory/themes": "~0.0.101",
"classnames": "^2.3.1",
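--- a/pages/api/consent.ts
+++ b/pages/api/consent.ts
@@ -0,0 +1,80 @@
+import { Configuration, OAuth2Api } from "@ory/client"
+import { NextApiRequest, NextApiResponse } from "next"
+
+const hydra = new OAuth2Api(
+new Configuration({
+basePath: process.env.HYDRA_ADMIN_URL,
+baseOptions: {
+"X-Forwarded-Proto": "https",
+withCredentials: true,
+},
+}),
+)
+
+// Helper function to extract session data
+const extractSession = (identity: any, grantScope: string[]) => {
+const session: any = {
+access_token: {
+roles: identity.metadata_public.roles,
+scope: identity.metadata_public.scope,
+authorities: identity.metadata_public.authorities,
+sources: identity.metadata_public.sources,
+user_name: identity.metadata_public.mp_login,
+},
+id_token: {},
+}
+return session
+}
+
+export default async (req: NextApiRequest, res: NextApiResponse) => {
+const { consentChallenge, consentAction, grantScope, remember, identity } =
+req.body
+
+try {
+if (req.method === "GET") {
+const { consent_challenge } = req.query
+const response = await hydra.getOAuth2ConsentRequest({
+consentChallenge: String(consent_challenge),
+})
+return res.status(200).json(response.data)
+} else {
+if (!consentChallenge || !consentAction) {
+return res.status(400).json({ error: "Missing required parameters" })
+}
+if (consentAction === "accept") {
+const { data: body } = await hydra.getOAuth2ConsentRequest({
+consentChallenge,
+})
+const session = extractSession(identity, grantScope)
+const acceptResponse = await hydra.acceptOAuth2ConsentRequest({
+consentChallenge,
+acceptOAuth2ConsentRequest: {
+grant_scope: grantScope,
+grant_access_token_audience: body.requested_access_token_audience,
+session,
+remember: Boolean(remember),
+remember_for: 3600,
+},
+})
+return res
+.status(200)
+.json({ redirect_to: acceptResponse.data.redirect_to })
+} else {
+const rejectResponse = await hydra.rejectOAuth2ConsentRequest({
+consentChallenge,
+rejectOAuth2Request: {
+error: "access_denied",
+error_description: "The resource owner denied the request",
+},
+})
+
+return res
+.status(200)
+.json({ redirect_to: rejectResponse.data.redirect_to })
+}
+}
+} catch (error) {
+console.error(error)
+return res.status(500).json({ error: "Internal server error" })
+}
+}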
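Review bot: The `identity` that `extractSession` turns into `access_token` claims (`roles`, `scope`, `authorities`, `sources`, `user_name`) is read straight from `req.body`, so the caller of this route, not the server, decides which roles and authorities Hydra mints into the token; `grant_scope` is likewise passed through from the body without being checked against what the consent request actually asked for. In the accept branch the claims should come from a server-side lookup of the subject that `getOAuth2ConsentRequest` already returns (`body.subject`), and the granted scope should be limited to `body.requested_scope`, as sketched below. Two smaller points in the same hunk: `extractSession` never uses its `grantScope` parameter, and it dereferences `identity.metadata_public` unguarded, so a body without it throws a TypeError that the catch turns into a generic 500 rather than a 400. Non-GET requests of any method fall into the POST path; `if (req.method !== "POST") return res.status(405).end()` would make that explicit.
```typescript
const { data: body } = await hydra.getOAuth2ConsentRequest({ consentChallenge })
// Claims must come from the server-side identity of the consenting subject,
// never from the request body; LOOKUP_IDENTITY is a placeholder for the
// project's identity lookup (e.g. by body.subject).
const trustedIdentity = await LOOKUP_IDENTITY(body.subject)
if (!trustedIdentity?.metadata_public) {
  return res.status(400).json({ error: "Missing required parameters" })
}
const requested: string[] = body.requested_scope ?? []
const scopeToGrant = (Array.isArray(grantScope) ? grantScope : []).filter(
  (s: string) => requested.includes(s),
)
const session = extractSession(trustedIdentity, scopeToGrant)
// … unchanged: acceptOAuth2ConsentRequest call, but with grant_scope: scopeToGrant …
```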
