From 13461897b47134b02dafa9664a51c51a01645e82 Mon Sep 17 00:00:00 2001
From: Ivan Reshetnikov
Date: Sat, 21 Sep 2024 15:43:35 +0500
Subject: [PATCH] fix: sign id token using client secret
---
 lib/comfycamp/token.ex | 4 ++++
 lib/comfycamp_web/controllers/oauth_controller.ex | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/comfycamp/token.ex b/lib/comfycamp/token.ex
index 88671f3..6f14cd1 100644
--- a/lib/comfycamp/token.ex
+++ b/lib/comfycamp/token.ex
@@ -3,6 +3,10 @@ defmodule Comfycamp.Token do
 def sign(claims) do
 secret = Application.fetch_env!(:comfycamp, :jwt_secret)
+ sign(claims, secret)
+ end
+
+ def sign(claims, secret) do
 signer = Joken.Signer.create("HS256", secret)
 Joken.Signer.sign(claims, signer)
 end
diff --git a/lib/comfycamp_web/controllers/oauth_controller.ex b/lib/comfycamp_web/controllers/oauth_controller.ex
index 9c3398f..39e1c35 100644
--- a/lib/comfycamp_web/controllers/oauth_controller.ex
+++ b/lib/comfycamp_web/controllers/oauth_controller.ex
@@ -99,7 +99,7 @@ defmodule ComfycampWeb.OauthController do
 {access_token, refresh_token} = Accounts.generate_oauth_tokens(code.user)
 id_token = IDToken.build_id_token(code.user, oidc_app.client_id)
- {:ok, signed_id_token} = Token.sign(id_token)
+ {:ok, signed_id_token} = Token.sign(id_token, client_secret)
 render(conn, :token,
 access_token: Base.url_encode64(access_token),
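Review bot: In lib/comfycamp/token.ex the new `sign/2` hands whatever it receives to `Joken.Signer.create("HS256", secret)`, so an empty or very short client secret would become the HMAC key of an ID token with no check at all. A guard on the new clause, for example `def sign(claims, secret) when is_binary(secret) and byte_size(secret) >= 32 do`, would make it fail closed; 32 bytes matches the HS256 output size, but the right floor depends on how client secrets are generated, which is not visible here. The clause also deserves a `@doc` stating that `secret` is used directly as the HMAC key and that `sign/1` keeps using the application-wide `:jwt_secret`. If the module has a verification function outside this hunk, it presumably still uses `:jwt_secret` and would reject tokens signed through `sign/2`, which is worth confirming as intended.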
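Review bot: In lib/comfycamp_web/controllers/oauth_controller.ex, `client_secret` is bound outside this hunk, so these lines do not show whether the key signing the ID token is the secret stored for `oidc_app` or the raw value taken from the request. If it is the request value, it should reach `Token.sign(id_token, client_secret)` only after being checked against the stored secret with a constant-time comparison such as `Plug.Crypto.secure_compare/2`. A request that authenticates without a body secret would pass `nil` here. The assertive `{:ok, signed_id_token} =` match also turns any signer error into a crash rather than an OAuth error response; a `with` around the call would let the action return a proper error. The enclosing action starts and ends outside the hunk.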