Retrieve jwt user info from id token (#7424)

Co-authored-by: Nelson Silva <nsilva@nuxeo.com>
2025-05-26 17:24:56 +00:00 · 2021-12-14 10:44:19 +01:00 · 2021-12-14 10:44:19 +01:00 · 1cbee53cdb
commit 1cbee53cdb
parent ddcd97ca37
3 changed files with 48 additions and 10 deletions
--- a/lib/core/services/identity-user.service.spec.ts
+++ b/lib/core/services/identity-user.service.spec.ts
@ -25,7 +25,8 @@ import {
    mockIdentityUsers
 } from '../mock/identity-user.mock';
 import { mockJoinGroupRequest } from '../mock/identity-group.mock';
-import { IdentityUserService } from '../services/identity-user.service';
+import { IdentityUserService } from './identity-user.service';
+import { JwtHelperService } from './jwt-helper.service';
 import { setupTestBed } from '../testing/setup-test-bed';
 import { AlfrescoApiService } from './alfresco-api.service';
 import { mockToken } from '../mock/jwt-helper.service.spec';
@ -83,8 +84,18 @@ describe('IdentityUserService', () => {
        });
    });

-    it('should fetch identity user info from Jwt token', () => {
-        localStorage.setItem('access_token', mockToken);
+    it('should fetch identity user info from Jwt id token', () => {
+        localStorage.setItem(JwtHelperService.USER_ID_TOKEN, mockToken);
+        const user = service.getCurrentUserInfo();
+        expect(user).toBeDefined();
+        expect(user.firstName).toEqual('John');
+        expect(user.lastName).toEqual('Doe');
+        expect(user.email).toEqual('johnDoe@gmail.com');
+        expect(user.username).toEqual('johnDoe1');
+    });
+
+    it('should fallback on Jwt access token for identity user info', () => {
+        localStorage.setItem(JwtHelperService.USER_ACCESS_TOKEN, mockToken);
        const user = service.getCurrentUserInfo();
        expect(user).toBeDefined();
        expect(user.firstName).toEqual('John');
--- a/lib/core/services/identity-user.service.ts
+++ b/lib/core/services/identity-user.service.ts
@ -49,10 +49,10 @@ export class IdentityUserService implements IdentityUserServiceInterface {
     * @returns The user's details
     */
    getCurrentUserInfo(): IdentityUserModel {
-        const familyName = this.jwtHelperService.getValueFromLocalAccessToken<string>(JwtHelperService.FAMILY_NAME);
-        const givenName = this.jwtHelperService.getValueFromLocalAccessToken<string>(JwtHelperService.GIVEN_NAME);
-        const email = this.jwtHelperService.getValueFromLocalAccessToken<string>(JwtHelperService.USER_EMAIL);
-        const username = this.jwtHelperService.getValueFromLocalAccessToken<string>(JwtHelperService.USER_PREFERRED_USERNAME);
+        const familyName = this.jwtHelperService.getValueFromLocalToken<string>(JwtHelperService.FAMILY_NAME);
+        const givenName = this.jwtHelperService.getValueFromLocalToken<string>(JwtHelperService.GIVEN_NAME);
+        const email = this.jwtHelperService.getValueFromLocalToken<string>(JwtHelperService.USER_EMAIL);
+        const username = this.jwtHelperService.getValueFromLocalToken<string>(JwtHelperService.USER_PREFERRED_USERNAME);
        return { firstName: givenName, lastName: familyName, email: email, username: username };
    }

--- a/lib/core/services/jwt-helper.service.ts
+++ b/lib/core/services/jwt-helper.service.ts
@ -28,6 +28,7 @@ export class JwtHelperService {
    static GIVEN_NAME = 'given_name';
    static USER_EMAIL = 'email';
    static USER_ACCESS_TOKEN = 'access_token';
+    static USER_ID_TOKEN = 'id_token';
    static REALM_ACCESS = 'realm_access';
    static RESOURCE_ACCESS = 'resource_access';
    static USER_PREFERRED_USERNAME = 'preferred_username';
@ -76,6 +77,15 @@ export class JwtHelperService {
        return decodeURIComponent(escape(window.atob(output)));
    }

+    /**
+     * Gets a named value from the user access or id token.
+     * @param key Key name of the field to retrieve
+     * @returns Value from the token
+     */
+     getValueFromLocalToken<T>(key: string): T {
+        return this.getValueFromToken(this.getAccessToken(), key) || this.getValueFromToken(this.getIdToken(), key);
+    }
+
    /**
     * Gets a named value from the user access token.
     * @param key Key name of the field to retrieve
@ -93,16 +103,33 @@ export class JwtHelperService {
        return this.storageService.getItem(JwtHelperService.USER_ACCESS_TOKEN);
    }

+    /**
+     * Gets a named value from the user id token.
+     * @param key Key name of the field to retrieve
+     * @returns Value from the token
+     */
+     getValueFromLocalIdToken<T>(key: string): T {
+        return this.getValueFromToken(this.getIdToken(), key);
+    }
+
+    /**
+     * Gets id token
+     * @returns id token
+     */
+     getIdToken(): string {
+        return this.storageService.getItem(JwtHelperService.USER_ID_TOKEN);
+    }
+
    /**
     * Gets a named value from the user access token.
     * @param accessToken your SSO access token where the value is encode
     * @param key Key name of the field to retrieve
     * @returns Value from the token
     */
-    getValueFromToken<T>(accessToken: string, key: string): T {
+    getValueFromToken<T>(token: string, key: string): T {
        let value;
-        if (accessToken) {
-            const tokenPayload = this.decodeToken(accessToken);
+        if (token) {
+            const tokenPayload = this.decodeToken(token);
            value = tokenPayload[key];
        }
        return <T> value;