Use OIDC extension field for gameId

FAForever · Dec 29, 2023 · ab46115 · ab46115
1 parent abe2d8b
commit ab46115
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/src/main/kotlin/com/faforever/icebreaker/security/FafPermissionsAugmentor.kt b/src/main/kotlin/com/faforever/icebreaker/security/FafPermissionsAugmentor.kt
@@ -25,7 +25,7 @@ class FafPermissionsAugmentor : SecurityIdentityAugmentor {
             when (val principal = identity.principal) {
                 is JsonWebToken -> {
                     val roles = principal.claim<Map<String, Any>>("ext")
-                        .map { it["roles"] as List<JsonString> }
+                        .map<List<JsonString>> { it["roles"] as? List<JsonString> }
                         .map { it.map { jsonString -> jsonString.string } }
                         .map { it.toSet() }
                         .orElse(setOf())
@@ -34,9 +34,11 @@ class FafPermissionsAugmentor : SecurityIdentityAugmentor {
                         .map { it.map { jsonString -> jsonString.string }.toSet() }
                         .orElse(setOf())
 
-                    principal.claim<JsonNumber>("gameId").ifPresent {
-                        builder.addAttribute("gameId", it.longValue())
-                    }
+                    principal.claim<Map<String, Any>>("ext")
+                        .map<JsonNumber> { it["gameId"] as? JsonNumber }
+                        .ifPresent {
+                            builder.addAttribute("gameId", it.longValue())
+                        }
 
                     builder.addPermissionChecker { requiredPermission ->
                         val hasRole = roles.contains(requiredPermission.name)

diff --git a/src/main/kotlin/com/faforever/icebreaker/service/SessionService.kt b/src/main/kotlin/com/faforever/icebreaker/service/SessionService.kt
@@ -37,8 +37,13 @@ class SessionService(
         }
 
         return Jwt.subject(userId.toString())
-            .claim("gameId", gameId)
-            .claim("ext", mapOf("roles" to listOf("USER")))
+            .claim(
+                "ext",
+                mapOf(
+                    "roles" to listOf("USER"),
+                    "gameId" to gameId,
+                ),
+            )
             .claim("scp", listOf("lobby"))
             .issuer(fafProperties.selfUrl())
             .audience(fafProperties.selfUrl())