louis/targo-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(auth): make validate method of strategy use parsed idToken to work with Authentik JWT payload instead of profile

Browse Source
This commit is contained in:
Nicolas Drolet 2025-12-03 14:10:17 -05:00
parent e6c949e40b
commit 5dafef82f2
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/identity-and-account/authentication/strategies/authentik.strategy.ts
View File

@ -49,10 +49,15 @@ export class AuthentikStrategy extends PassportStrategy(OIDCStrategy, 'openidcon
cb: VerifyCallback, cb: VerifyCallback,
): Promise<any> { ): Promise<any> {
try { try {
const email = profile.emails?.[0]?.value;
if (!email) return cb(new Error('Missing email in OIDC profile'), false);
const user = await this.authentikAuthService.validateUser(email);
const components = _idToken.split('.');
const payload = Buffer.from(components[1], "base64").toString('utf-8');
const claims = JSON.parse(payload);
if (!claims.email) return cb(new Error('Missing email in OIDC profile'), false);
const user = await this.authentikAuthService.validateUser(claims.email);
if (!user) return cb(new Error('User not found'), false); if (!user) return cb(new Error('User not found'), false);
return cb(null, user); return cb(null, user);