From 1deada443e622688106434fcaee6dad1c4600c4c Mon Sep 17 00:00:00 2001
From: Ilja Neumann
Date: Fri, 31 Jul 2020 22:57:19 +0200
Subject: [PATCH] Set iss/idp in reva-userid

---
 pkg/command/server.go | 1 +
 pkg/middleware/account_uuid.go | 1 +
 pkg/middleware/openidconnect.go | 3 +++
 pkg/middleware/options.go | 9 +++++++++
 4 files changed, 14 insertions(+)

diff --git a/pkg/command/server.go b/pkg/command/server.go
index fcec85dd4a..3e948d8b68 100644
--- a/pkg/command/server.go
+++ b/pkg/command/server.go
@@ -305,6 +305,7 @@ func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alic
 		middleware.Logger(l),
 		middleware.HTTPClient(oidcHTTPClient),
 		middleware.OIDCProviderFunc(provider),
+		middleware.OIDCIss(cfg.OIDC.Issuer),
 	)
 
 	return alice.New(middleware.RedirectToHTTPS, oidcMW, psMW, uuidMW, chMW)
diff --git a/pkg/middleware/account_uuid.go b/pkg/middleware/account_uuid.go
index cb405ac1cd..5f711312b4 100644
--- a/pkg/middleware/account_uuid.go
+++ b/pkg/middleware/account_uuid.go
@@ -146,6 +146,7 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 		token, err := tokenManager.MintToken(r.Context(), &revauser.User{
 			Id: &revauser.UserId{
 				OpaqueId: account.Id,
+				Idp: claims.Iss,
 			},
 			Username: account.OnPremisesSamAccountName,
 			DisplayName: account.DisplayName,
diff --git a/pkg/middleware/openidconnect.go b/pkg/middleware/openidconnect.go
index be0ccacac8..a4eb51471b 100644
--- a/pkg/middleware/openidconnect.go
+++ b/pkg/middleware/openidconnect.go
@@ -85,6 +85,9 @@ func OpenIDConnect(opts ...Option) func(next http.Handler) http.Handler {
 			return
 		}
 
+		//TODO: This should be read from the token instead of config
+		claims.Iss = opt.OIDCIss
+
 		// inject claims to the request context for the account_uuid middleware.
 		ctxWithClaims := ocisoidc.NewContext(r.Context(), &claims)
 		r = r.WithContext(ctxWithClaims)
diff --git a/pkg/middleware/options.go b/pkg/middleware/options.go
index e6ab964298..cf7f5d1178 100644
--- a/pkg/middleware/options.go
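Review bot: `Idp: claims.Iss` is handed to `MintToken` without checking that it is non-empty, so when the OIDC middleware had no issuer to offer (the option left unset, or an empty `cfg.OIDC.Issuer`) the minted reva user id carries an empty `Idp`, and downstream consumers cannot tell which provider vouched for `OpaqueId`. A guard such as `if claims.Iss == "" { /* fail the request the same way the handler treats other missing claims */ }` placed before the mint would make that failure explicit rather than silent; how the surrounding handler reports errors is not visible here. The body of AccountUUID starts and ends outside this hunk.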
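Review bot: The added `claims.Iss = opt.OIDCIss` unconditionally overwrites the issuer in the claims struct, so the `Idp` that account_uuid.go later stamps into the reva user id reflects configuration rather than the token that was actually verified, and it writes an empty string when the option was never set. Until the TODO is resolved, let a token-supplied value win and treat a disagreement with the configured issuer like the verification failure handled just above: `if claims.Iss == "" { claims.Iss = opt.OIDCIss }` preceded by a mismatch check that returns the same way the existing error path does. Whether the verifier has already populated `claims.Iss` at this point cannot be seen from the hunk, so the mismatch check may never trigger today but protects the assumption. The comment should also follow the usual `// TODO: read the issuer from the verified token instead of config` form so linters pick it up. The body of OpenIDConnect starts and ends outside this hunk.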
+++ b/pkg/middleware/options.go
@@ -25,6 +25,8 @@ type Options struct {
 	AccountsClient acc.AccountsService
 	// OIDCProviderFunc to lazily initialize a provider, must be set for the oidcProvider middleware
 	OIDCProviderFunc func() (OIDCProvider, error)
+	// OIDCIss is the oidc-issuer
+	OIDCIss string
 	// RevaGatewayClient to send requests to the reva gateway
 	RevaGatewayClient gateway.GatewayAPIClient
 	// Store for persisting data
@@ -77,6 +79,13 @@ func OIDCProviderFunc(f func() (OIDCProvider, error)) Option {
 	}
 }
 
+// OIDCIss sets the oidc issuer url
+func OIDCIss(iss string) Option {
+	return func(o *Options) {
+		o.OIDCIss = iss
+	}
+}
+
 // RevaGatewayClient provides a function to set the the reva gateway service client option.
 func RevaGatewayClient(gc gateway.GatewayAPIClient) Option {
 	return func(o *Options) {
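Review bot: The doc comments on the new `OIDCIss` field in the first hunk and the `OIDCIss` option in the second are fragments that do not say what the value is for, even though it ends up as the `Idp` of every minted reva user id. Suggested wording for the field: `// OIDCIss is the issuer URL of the configured OIDC provider; the OpenIDConnect middleware copies it into the claims and AccountUUID uses it as the Idp of the minted user id.` and for the option: `// OIDCIss sets the OIDC issuer URL used by the OpenIDConnect middleware.` Keeping the initialism as `OIDC` in prose matches the surrounding comments.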