side-project-at-SPT / split-rails

game split implemented by rails

Allow GaaS Auth0 tokens to pass verification as well #8

Closed noracami closed 1 month ago

noracami commented 1 month ago
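  1. Modify the JWT decode flow
  2. Read the iss field to decide which decode method to use
  3. If it is an Auth0 token
    • Call the Auth0 lib to check validity (optional)
    • Request /me on the main platform to get the id
  4. Verification ends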
noracami commented 1 month ago

GaaS token example

{
  "iss": "https://dev-1l0ixjw8yohsluoi.us.auth0.com/",
  "sub": "google-oauth2|107793760333100767005",
  "aud": [
    "https://api.gaas.waterballsa.tw",
    "https://dev-1l0ixjw8yohsluoi.us.auth0.com/userinfo"
  ],
  "iat": 1721670894,
  "exp": 1721674494,
  "scope": "openid profile email offline_access",
  "azp": "0Z7hnDld5trPqi2v0lloBY74MHdDYGEy"
}

get user info by Auth0 token

$ url=https://api.gaas.waterballsa.tw/users/me
$ curl -H "Authorization: Bearer $auth0_token" $url

response

{
  "id": "24 digit hex string",
  "email": "example@x.com",
  "nickname": "string"
}
noracami commented 1 month ago

🚧 https://github.com/side-project-at-SPT/split-rails/commit/7ae89c31965bf018fb2741c68e9727ae4f38bc1b : Check which methods can use the Auth0 token directly
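
The iss-based dispatch from the first comment, applied to the token example in the second, as an added sketch that is not part of the issue or of the split-rails code: the unverified `iss` only selects a verifier from an exact-match allowlist, and every path still validates the token before returning an id. Assumptions: `LOCAL_ISS`, HS256 for the app's own tokens, the `TokenError` class, the function names, and `fetch_me`, a callable standing in for the `GET /users/me` request.

```ruby
require "json"
require "base64"
require "openssl"

# Issuer and audience are taken from the token example in the thread.
AUTH0_ISS = "https://dev-1l0ixjw8yohsluoi.us.auth0.com/"
GAAS_AUD  = "https://api.gaas.waterballsa.tw"
LOCAL_ISS = "split-rails" # assumption: issuer name of the app's own tokens

class TokenError < StandardError; end

# Decode one base64url JWT segment into a Hash; raise TokenError on any garbage.
def b64url_json(segment)
  obj = JSON.parse(Base64.urlsafe_decode64(segment))
  obj.is_a?(Hash) ? obj : raise(TokenError, "malformed token")
rescue ArgumentError, JSON::ParserError
  raise TokenError, "malformed token"
end

# Returns the user id for a valid token, raises TokenError otherwise.
# fetch_me is an assumed callable (token -> Hash or nil) standing in for
# the GET /users/me request to the platform.
def authenticate(token, local_secret:, fetch_me:, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  raise TokenError, "malformed token" unless parts.size == 3
  header, payload, signature = parts
  claims = b64url_json(payload) # unverified: only used to pick a verifier
  fresh = claims["exp"].is_a?(Integer) && claims["exp"] > now
  case claims["iss"]
  when LOCAL_ISS # assumption: the app signs its own tokens with HS256
    raise TokenError, "bad alg" unless b64url_json(header)["alg"] == "HS256"
    expected = OpenSSL::HMAC.digest("SHA256", local_secret, "#{header}.#{payload}")
    given = Base64.urlsafe_decode64(signature) rescue ""
    raise TokenError, "bad signature" unless OpenSSL.secure_compare(expected, given)
    raise TokenError, "expired" unless fresh
    claims["sub"]
  when AUTH0_ISS
    # Cheap pre-checks on unverified claims; they only avoid a pointless request.
    raise TokenError, "wrong audience" unless Array(claims["aud"]).include?(GAAS_AUD)
    raise TokenError, "expired" unless fresh
    me = fetch_me.call(token) # the platform validates the token itself
    raise TokenError, "rejected by platform" unless me.is_a?(Hash) && me["id"].is_a?(String)
    me["id"]
  else
    raise TokenError, "untrusted issuer" # exact-match allowlist, no fallback path
  end
end
```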