Go: Id token content

[monok-o]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [ ] This issue affects my Ory Cloud project.
• [ ] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Describe the bug

Hello, this is probably not a bug but I can't find anything in the document or in other repo. It seems that the API have been changed and I'm now struggling to just set the IdToken because it ask map[string]map[string]interface{} while I understand that the IdToken is just made of key and values, because then when I try to get the user information with go-oidc, it says that it can't parse the field I filled in the consent request... I'm very sorry if I'm reporting this in the wrong place or if it's documented. Thank you a lot!

Reproducing the bug

This is the code of my consent endpoint (currently just for test purposes):

package controller

import (
    "auth/hydra"
    "context"

    "github.com/gofiber/fiber/v2"
    h "github.com/ory/hydra-client-go"
)

func Consent(c *fiber.Ctx) error {
    challenge := c.Query("consent_challenge")

    acceptConsentRequest := h.NewAcceptConsentRequest()
    acceptConsentRequest.SetRemember(true)
    acceptConsentRequest.SetGrantScope([]string{
        "openid",
        "offline",
    })

    consentRequestSession := h.NewConsentRequestSession()

    consentRequestSession.SetIdToken(map[string]map[string]interface{}{
        "email": {
            "v": "value",
        },
    })

    acceptConsentRequest.SetSession(*consentRequestSession)

    resp, _, err := hydra.Client.AdminApi.AcceptConsentRequest(context.Background()).ConsentChallenge(challenge).AcceptConsentRequest(*acceptConsentRequest).Execute()
    if err != nil {
        return err
    }

    return c.Redirect(resp.RedirectTo)
}

And this is the code of the callback endpoint (also for testing purpose, so don't worry for the hardcoded secret):

package controller

import (
    "context"
    "log"

    oidc "github.com/coreos/go-oidc"
    "github.com/gofiber/fiber/v2"
    "golang.org/x/oauth2"
)

func Callback(c *fiber.Ctx) error {
    code := c.Query("code")

    provider, err := oidc.NewProvider(context.Background(), "http://127.0.0.1:4444/")
    if err != nil {
        log.Println(err)
    }

    config := oauth2.Config{
        ClientID:     "auth",
        ClientSecret: "secret",
        Endpoint:     provider.Endpoint(),
        RedirectURL:  "http://127.0.0.1:3002/api/callback",
        Scopes:       []string{oidc.ScopeOpenID, "profile"},
    }

    //verifier := provider.Verifier(&oidc.Config{ClientID: config.ClientID})

    if code == "" {
        return c.Redirect("/sign-in")
    }

    oauth2Token, err := config.Exchange(context.Background(), code)
    if err != nil {
        log.Println(err)
    }

    if oauth2Token == nil {
        return c.Redirect("/sign-in")
    }

    userInfo, err := provider.UserInfo(context.Background(), oauth2.StaticTokenSource(oauth2Token))
    if err != nil {
        log.Println(err)
        return err
    }

    log.Println(userInfo)

    return c.JSON(userInfo)
}

And when I fill the "email" field in the consent endpoint, the callback endpoint send me: oidc: failed to decode userinfo: json: cannot unmarshal object into Go struct field UserInfo.email of type string and when I print UserInfo.email it just return a nil value...

But when I don't fill the IdToken, everything is fine.

Relevant log output

No response

Relevant configuration

No response

Version

1.11.7

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Binary

Additional Context

No response

[monok-o]

I actually kinda fixed it : https://github.com/monok-o/hydra-client-go/commit/de77bfac3384d533a4d7d54dab898ddd1f22b712

[sneko]

@monok-o @robinWongM @phsym did you find the official way to use the current SDK version with double map? It seems here since v1.11

Thank you,

[aeneasr]

@gen1us2k can you maybe take a look? :)

[phsym]

@sneko well, actually I'm using the fix from @monok-o 's fork

[gen1us2k]

I can say that something is wrong with openAPI generator because the specification is the same across the versions but it generates completely different code.

[aeneasr]

Thanks - it appears to be a dupe of: https://github.com/ory/hydra/issues/3058