fix: sign id token using client secret

2024-09-21 15:43:35 +05:00 · 2024-09-21 15:43:35 +05:00 · 13461897b4
commit 13461897b4
parent 51d627efa4
2 changed files with 5 additions and 1 deletions
--- a/lib/comfycamp/token.ex
+++ b/lib/comfycamp/token.ex
@ -3,6 +3,10 @@ defmodule Comfycamp.Token do

  def sign(claims) do
    secret = Application.fetch_env!(:comfycamp, :jwt_secret)
+    sign(claims, secret)
+  end
+
+  def sign(claims, secret) do
    signer = Joken.Signer.create("HS256", secret)
    Joken.Signer.sign(claims, signer)
  end
--- a/lib/comfycamp_web/controllers/oauth_controller.ex
+++ b/lib/comfycamp_web/controllers/oauth_controller.ex
@ -99,7 +99,7 @@ defmodule ComfycampWeb.OauthController do
    {access_token, refresh_token} = Accounts.generate_oauth_tokens(code.user)

    id_token = IDToken.build_id_token(code.user, oidc_app.client_id)
-    {:ok, signed_id_token} = Token.sign(id_token)
+    {:ok, signed_id_token} = Token.sign(id_token, client_secret)

    render(conn, :token,
      access_token: Base.url_encode64(access_token),