CSCTTV-4130 Modify ORCID account linking service to support Keycloak upgrade #1906

Merged
14 changes: 8 additions & 6 deletions src/app/mydata/services/orcid-account-linking.service.ts
Expand Up @@ -57,8 +57,8 @@ export class OrcidAccoungLinkingService {
/*
* Get hash. For more explanation, see comments of function getOrcidLink()
*/
async getHash(nonce, sessionState, clientId) {
const input = nonce + sessionState + clientId + 'orcid';
async getHash(nonce, sid, clientId) {
const input = nonce + sid + clientId + 'orcid';
const encoder = new TextEncoder();
const data = encoder.encode(input);
const sha256 = await crypto.subtle.digest('SHA-256', data);
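Review bot: The parameters of `getHash(nonce, sid, clientId)` are untyped, so an undefined `sid` passes through unnoticed and `nonce + sid + clientId + 'orcid'` hashes the literal text "undefined" in its place. Declare them as `nonce: string, sid: string, clientId: string` so that a caller passing a possibly missing claim can be flagged at compile time.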
Expand Down Expand Up @@ -105,7 +105,7 @@ export class OrcidAccoungLinkingService {
* This is a random string that your application must generate
* hash:
* This is a Base64 URL encoded hash.
* This hash is generated by Base64 URL encoding a SHA_256 hash of nonce + session_state (from token) + azp (from token) + provider
* This hash is generated by Base64 URL encoding a SHA_256 hash of nonce + sid (from token) + azp (from token) + provider
* Basically you are hashing the random nonce, the user session id, the client id, and the identity provider alias you want to access.
*/
async getOrcidLink() {
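Review bot: The updated hash description says `sid (from token)` without naming the token, while `getOrcidLink()` reads both `sid` and `azp` from the ID token payload. Write `sid (from ID token)` and `azp (from ID token)` so the comment matches what the code does.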
Expand All @@ -126,14 +126,16 @@ export class OrcidAccoungLinkingService {
// azp: Authorized party - the party to which the ID Token was issued
const clientId = idTokenPayload.azp;

// Get property 'session_state' from ID token.
const sessionState = idTokenPayload.session_state;
// Get property 'sid' from ID token.
// 2024-12-31: use 'sid' instead of 'session_state'
// https://www.keycloak.org/docs/latest/release_notes/index.html#lightweight-access-token-to-be-even-more-lightweight
const sid = idTokenPayload.sid;

// Get nonce
const nonce = this.getNonce();

// Get hash
const hash = await this.getHash(nonce, sessionState, clientId);
const hash = await this.getHash(nonce, sid, clientId);

// Return ORCID account linking URL
return this.getUrl(keycloakUrl, clientId, redirectUrl, nonce, hash);
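Review bot: `const sid = idTokenPayload.sid;` has no check for a missing claim, and the value goes straight into `getHash`. If the ID token does not carry `sid` (for example a token issued before the Keycloak upgrade), the hash is computed over the text "undefined" and the server is unlikely to accept it, with no clear error on the client side. Throw an explicit error when `sid` is undefined, or fall back to `idTokenPayload.session_state` for the transition period. The release-notes link in the comment also points at `docs/latest`, which moves with each release; naming the Keycloak version in the comment would keep the reference meaningful.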