CSCTTV-4130 Modify ORCID account linking service to support Keycloak …

…upgrade.
CSCfi · Dec 31, 2024 · 5c5cb0a · 5c5cb0a
1 parent 9f872fe
commit 5c5cb0a
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/src/app/mydata/services/orcid-account-linking.service.ts b/src/app/mydata/services/orcid-account-linking.service.ts
@@ -57,8 +57,8 @@ export class OrcidAccoungLinkingService {
   /*
    * Get hash. For more explanation, see comments of function getOrcidLink()
    */
-  async getHash(nonce, sessionState, clientId) {
-    const input = nonce + sessionState + clientId + 'orcid';
+  async getHash(nonce, sid, clientId) {
+    const input = nonce + sid + clientId + 'orcid';
     const encoder = new TextEncoder();
     const data = encoder.encode(input);
     const sha256 = await crypto.subtle.digest('SHA-256', data);
@@ -105,7 +105,7 @@ export class OrcidAccoungLinkingService {
    *       This is a random string that your application must generate
    *   hash:
    *       This is a Base64 URL encoded hash.
-   *       This hash is generated by Base64 URL encoding a SHA_256 hash of nonce + session_state (from token) + azp (from token) + provider
+   *       This hash is generated by Base64 URL encoding a SHA_256 hash of nonce + sid (from token) + azp (from token) + provider
    *       Basically you are hashing the random nonce, the user session id, the client id, and the identity provider alias you want to access.
    */
   async getOrcidLink() {
@@ -126,14 +126,16 @@ export class OrcidAccoungLinkingService {
     // azp: Authorized party - the party to which the ID Token was issued
     const clientId = idTokenPayload.azp;
 
-    // Get property 'session_state' from ID token.
-    const sessionState = idTokenPayload.session_state;
+    // Get property 'sid' from ID token.
+    // 2024-12-31: use 'sid' instead of 'session_state'
+    // https://www.keycloak.org/docs/latest/release_notes/index.html#lightweight-access-token-to-be-even-more-lightweight
+    const sid = idTokenPayload.sid;
 
     // Get nonce
     const nonce = this.getNonce();
 
     // Get hash
-    const hash = await this.getHash(nonce, sessionState, clientId);
+    const hash = await this.getHash(nonce, sid, clientId);
 
     // Return ORCID account linking URL
     return this.getUrl(keycloakUrl, clientId, redirectUrl, nonce, hash);