Set iss/idp in reva-userid

pkg/command/server.go

@@ -305,6 +305,7 @@ func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alic
 			middleware.Logger(l),
 			middleware.HTTPClient(oidcHTTPClient),
 			middleware.OIDCProviderFunc(provider),
+			middleware.OIDCIss(cfg.OIDC.Issuer),
 		)
 
 		return alice.New(middleware.RedirectToHTTPS, oidcMW, psMW, uuidMW, chMW)

pkg/middleware/account_uuid.go

@@ -146,6 +146,7 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 			token, err := tokenManager.MintToken(r.Context(), &revauser.User{
 				Id: &revauser.UserId{
 					OpaqueId: account.Id,
+					Idp:      claims.Iss,
 				},
 				Username:     account.OnPremisesSamAccountName,
 				DisplayName:  account.DisplayName,

pkg/middleware/openidconnect.go

@@ -85,6 +85,9 @@ func OpenIDConnect(opts ...Option) func(next http.Handler) http.Handler {
 				return
 			}
 
+			//TODO: This should be read from the token instead of config
+			claims.Iss = opt.OIDCIss
+
 			// inject claims to the request context for the account_uuid middleware.
 			ctxWithClaims := ocisoidc.NewContext(r.Context(), &claims)
 			r = r.WithContext(ctxWithClaims)

pkg/middleware/options.go

@@ -25,6 +25,8 @@ type Options struct {
 	AccountsClient acc.AccountsService
 	// OIDCProviderFunc to lazily initialize a provider, must be set for the oidcProvider middleware
 	OIDCProviderFunc func() (OIDCProvider, error)
+	// OIDCIss is the oidc-issuer
+	OIDCIss string
 	// RevaGatewayClient to send requests to the reva gateway
 	RevaGatewayClient gateway.GatewayAPIClient
 	// Store for persisting data
@@ -77,6 +79,13 @@ func OIDCProviderFunc(f func() (OIDCProvider, error)) Option {
 	}
 }
 
+// OIDCIss sets the oidc issuer url
+func OIDCIss(iss string) Option {
+	return func(o *Options) {
+		o.OIDCIss = iss
+	}
+}
+
 // RevaGatewayClient provides a function to set the the reva gateway service client option.
 func RevaGatewayClient(gc gateway.GatewayAPIClient) Option {
 	return func(o *Options) {