From 4a82c8f224a9f8d439f035ff0ff106f3c5ed31e7 Mon Sep 17 00:00:00 2001
From: Luka Radenovic <luka@init.hr>
Date: Thu, 10 Feb 2022 09:43:15 +0100
Subject: [PATCH] Get user info from hydra

---
 areas/auth/auth.py     | 13 ++++++++++++-
 config.py              |  1 +
 helpers/hydra_oauth.py | 17 ++++++++++++-----
 run_app.sh             |  1 +
 4 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/areas/auth/auth.py b/areas/auth/auth.py
index 098ed0aa..4334be45 100644
--- a/areas/auth/auth.py
+++ b/areas/auth/auth.py
@@ -27,8 +27,19 @@ def hydra_callback():
         raise BadRequest("Missing code query param")
 
     token = HydraOauth.get_token(state, code)
+    user_info = HydraOauth.get_user_info()
+
     access_token = create_access_token(
         identity=token, expires_delta=timedelta(days=365)
     )
 
-    return jsonify({"access_token": access_token})
+    return jsonify(
+        {
+            "accessToken": access_token,
+            "userInfo": {
+                "email": user_info["email"],
+                "name": user_info["name"],
+                "preferredUsername": user_info["preferred_username"],
+            },
+        }
+    )
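Review bot: The three `user_info[...]` subscripts in the new response body raise KeyError whenever Hydra's userinfo response omits a claim (for example when the consent did not grant the `email` or `profile` scope), and that surfaces as an unhandled 500 instead of a clear error; use `user_info.get("email")` and friends, or check the required claims once and raise `BadRequest` naming the missing key. `HydraOauth.get_user_info()` takes no arguments and presumably reads the token that `get_token` stored in the session, so the call only works when both requests share the session cookie — a one-line comment on the new call, such as `# userinfo is fetched with the token get_token() stored in the session`, would make that coupling visible. The top-level key also changes from `access_token` to `accessToken`, which every existing consumer of this endpoint has to follow. `hydra_callback` begins before this hunk.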
diff --git a/config.py b/config.py
index 22a643fd..b3abf029 100644
--- a/config.py
+++ b/config.py
@@ -5,4 +5,5 @@ KRATOS_URL = os.environ.get("KRATOS_URL")
 HYDRA_CLIENT_ID = os.environ.get("HYDRA_CLIENT_ID")
 HYDRA_CLIENT_SECRET = os.environ.get("HYDRA_CLIENT_SECRET")
 HYDRA_AUTHORIZATION_BASE_URL = os.environ.get("HYDRA_AUTHORIZATION_BASE_URL")
+HYDRA_URL = os.environ.get("HYDRA_URL")
 TOKEN_URL = os.environ.get("TOKEN_URL")
diff --git a/helpers/hydra_oauth.py b/helpers/hydra_oauth.py
index 06fdc3de..f90b891b 100644
--- a/helpers/hydra_oauth.py
+++ b/helpers/hydra_oauth.py
@@ -6,8 +6,6 @@ from helpers import HydraError
 
 
 class HydraOauth:
-    SESSION_KEY = "oauth_state"
-
     @staticmethod
     def authorize():
         try:
@@ -16,9 +14,6 @@ class HydraOauth:
                 HYDRA_AUTHORIZATION_BASE_URL
             )
 
-            # State is used to prevent CSRF, keep this for later.
-            session[HydraOauth.SESSION_KEY] = state
-
             return authorization_url
         except Exception as err:
             raise HydraError(str(err), 500)
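Review bot: Removing `session[HydraOauth.SESSION_KEY] = state` here (and the `SESSION_KEY` constant in the preceding hunk) drops the only server-side record of the OAuth `state` value, so the callback no longer has anything session-bound to compare the returned `state` query parameter against; the deleted comment kept it precisely for that CSRF check. `get_token` is outside this diff, but if it just forwards the query-param `state` into a fresh `OAuth2Session(state=...)`, the library compares the callback URL's value against itself and no real check remains. If the Flask session is intentionally no longer used for this, the replacement store (or the reason the check is no longer needed) should be stated in the commit and in a comment at the `state` assignment, e.g. `# state must be persisted server-side and verified in get_token()`. `authorize` begins before this hunk.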
@@ -41,3 +36,15 @@ class HydraOauth:
             return token
         except Exception as err:
             raise HydraError(str(err), 500)
+
+    @staticmethod
+    def get_user_info():
+        try:
+            hydra = OAuth2Session(
+                client_id=HYDRA_CLIENT_ID, token=session["hydra_token"]
+            )
+            user_info = hydra.get("{}/userinfo".format(HYDRA_URL))
+
+            return user_info.json()
+        except Exception as err:
+            raise HydraError(str(err), 500)
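Review bot: `get_user_info` returns `user_info.json()` without checking the HTTP status, so a 401/403 from `/userinfo` (an expired or revoked token) either hands Hydra's error body back as if it were the user's claims or fails inside `.json()` and is reported as a generic 500; add `user_info.raise_for_status()` before the `return`. `HYDRA_URL` is used here but this diff adds no import line to `helpers/hydra_oauth.py` (the diffstat is fully accounted for by the visible hunks), so unless the file's existing `from config import ...` already brings in every name, this raises NameError inside the `try` and the broad `except` masks it as another 500 — please confirm the import. The session key `"hydra_token"` is a bare literal here, presumably the one `get_token` writes above; a class constant such as `TOKEN_SESSION_KEY` used in both places would keep them in step, and a docstring like `"""Fetch the OIDC userinfo claims for the token stored in the session."""` would document the contract.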
diff --git a/run_app.sh b/run_app.sh
index 651b6749..babc1b7f 100755
--- a/run_app.sh
+++ b/run_app.sh
@@ -24,6 +24,7 @@ export SECRET_KEY="e38hq!@0n64g@qe6)5csk41t=ljo2vllog(%k7njnm4b@kh42c"
 export KRATOS_URL="http://127.0.0.1:8000"
 export HYDRA_CLIENT_ID="dashboard-local"
 export HYDRA_CLIENT_SECRET="gDSEuakxzybHBHJocnmtDOLMwlWWEvPh"
+export HYDRA_URL="https://sso.init.stackspin.net"
 export HYDRA_AUTHORIZATION_BASE_URL="https://sso.init.stackspin.net/oauth2/auth"
 export TOKEN_URL="https://sso.init.stackspin.net/oauth2/token"
 flask run
-- 
GitLab