From 5c5cb0aa5855e8e16c7465ba2c1d1906cba25bcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Sa=CC=88rkikoski?=
Date: Tue, 31 Dec 2024 09:18:27 +0200
Subject: [PATCH] CSCTTV-4130 Modify ORCID account linking service to support Keycloak upgrade.
---
 .../services/orcid-account-linking.service.ts | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/app/mydata/services/orcid-account-linking.service.ts b/src/app/mydata/services/orcid-account-linking.service.ts
index 87ea5a8b4..84c1b57d6 100644
--- a/src/app/mydata/services/orcid-account-linking.service.ts
+++ b/src/app/mydata/services/orcid-account-linking.service.ts
@@ -57,8 +57,8 @@ export class OrcidAccoungLinkingService {
 /*
 * Get hash. For more explanation, see comments of function getOrcidLink()
 */
- async getHash(nonce, sessionState, clientId) {
- const input = nonce + sessionState + clientId + 'orcid';
+ async getHash(nonce, sid, clientId) {
+ const input = nonce + sid + clientId + 'orcid';
 const encoder = new TextEncoder();
 const data = encoder.encode(input);
 const sha256 = await crypto.subtle.digest('SHA-256', data);
@@ -105,7 +105,7 @@ export class OrcidAccoungLinkingService {
 * This is a random string that your application must generate
 * hash:
 * This is a Base64 URL encoded hash.
- * This hash is generated by Base64 URL encoding a SHA_256 hash of nonce + session_state (from token) + azp (from token) + provider
+ * This hash is generated by Base64 URL encoding a SHA_256 hash of nonce + sid (from token) + azp (from token) + provider
 * Basically you are hashing the random nonce, the user session id, the client id, and the identity provider alias you want to access.
 */
 async getOrcidLink() {
@@ -126,14 +126,16 @@ export class OrcidAccoungLinkingService {
 // azp: Authorized party - the party to which the ID Token was issued
 const clientId = idTokenPayload.azp;
- // Get property 'session_state' from ID token.
- const sessionState = idTokenPayload.session_state;
+ // Get property 'sid' from ID token.
+ // 2024-12-31: use 'sid' instead of 'session_state'
+ // https://www.keycloak.org/docs/latest/release_notes/index.html#lightweight-access-token-to-be-even-more-lightweight
+ const sid = idTokenPayload.sid;
 // Get nonce
 const nonce = this.getNonce();
 // Get hash
- const hash = await this.getHash(nonce, sessionState, clientId);
+ const hash = await this.getHash(nonce, sid, clientId);
 // Return ORCID account linking URL
 return this.getUrl(keycloakUrl, clientId, redirectUrl, nonce, hash);
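Review bot: `idTokenPayload.sid` is passed to `getHash` without a check that the claim is present, so a token lacking `sid` makes the `nonce + sid + clientId + 'orcid'` concatenation hash the literal text `undefined` and the link is built with a hash that cannot match. Which tokens would lack the claim is not visible here, but the commit exists because the claim set changed across a Keycloak upgrade, so a guard right after the assignment is cheap insurance: `if (typeof sid !== 'string' || sid === '') { throw new Error('ID token has no sid claim'); }`. The new comment links to `docs/latest`, which will point at different release notes over time; name the Keycloak version the change targets in the comment instead. The body of getOrcidLink starts and ends outside this hunk, so how callers handle a thrown error should be confirmed before adopting the guard.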