feat: allow additional claims in access token
Signed-off-by: Timo Glastra <[email protected]>
TimoGlastra committed Oct 15, 2024
1 parent f4f0362 commit 1f73783
Showing 1 changed file with 3 additions and 1 deletion.
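--- a/packages/issuer/lib/tokens/index.ts
+++ b/packages/issuer/lib/tokens/index.ts
@@ -41,12 +41,13 @@ export interface ITokenEndpointOpts {
 
 export const generateAccessToken = async (
 opts: Required<Pick<ITokenEndpointOpts, 'accessTokenSignerCallback' | 'tokenExpiresIn' | 'accessTokenIssuer'>> & {
+additionalClaims?: Record<string, unknown>
 preAuthorizedCode?: string
 alg?: Alg
 dPoPJwk?: JWK
 },
 ): Promise<string> => {
-const { dPoPJwk, accessTokenIssuer, alg, accessTokenSignerCallback, tokenExpiresIn, preAuthorizedCode } = opts
+const { dPoPJwk, accessTokenIssuer, alg, accessTokenSignerCallback, tokenExpiresIn, preAuthorizedCode, additionalClaims } = opts
 // JWT uses seconds for iat and exp
 const iat = new Date().getTime() / 1000
 const exp = iat + tokenExpiresIn
@@ -63,6 +64,7 @@ export const generateAccessToken = async (
 // evaluation process is performed for bearer tokens to prevent downgraded usage of a DPoP-bound access token.
 // Specifically, such a protected resource MUST reject a DPoP-bound access token received as a bearer token per [RFC6750].
 token_type: dPoPJwk ? 'DPoP' : 'Bearer',
+...additionalClaims,
 },
 }
 return await accessTokenSignerCallback(jwt)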
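Review bot: `...additionalClaims,` is spread as the last entry of what appears to be the JWT payload in the second hunk, directly after `token_type`, so any caller-supplied key that matches an issuer-set claim silently replaces it. A `token_type` entry in `additionalClaims` would relabel a DPoP-bound token as `Bearer`, which is the downgrade the comment just above the spread is written to prevent. The start of the object literal lies between the two hunks and is not visible, but `iat` and `exp` are computed in the first hunk and are presumably written into the same object, so they would be overridable too. Making `...additionalClaims,` the first entry of that object lets the issuer-set claims win while keeping the feature; alternatively, reject reserved keys before the JWT is built. The new option would also benefit from a doc comment such as `/** Extra payload claims; must not contain claims the issuer sets itself */`.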
