From 1e9982927a0d64e79d393906e362052a88b86adb Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Mon, 16 Sep 2024 11:03:24 +0200
Subject: [PATCH] add identity_provider id scope
---
 app/controllers/agent_connect/agent_controller.rb | 6 ++++++
 app/services/agent_connect_service.rb | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/controllers/agent_connect/agent_controller.rb b/app/controllers/agent_connect/agent_controller.rb
index 346c19a8d..a0b293ffb 100644
--- a/app/controllers/agent_connect/agent_controller.rb
+++ b/app/controllers/agent_connect/agent_controller.rb
@@ -5,6 +5,8 @@ class AgentConnect::AgentController < ApplicationController
   before_action :redirect_to_login_if_fc_aborted, only: [:callback]
   before_action :check_state, only: [:callback]
+  MON_COMPTE_PRO_IDP_ID = "71144ab3-ee1a-4401-b7b3-79b44f7daeeb"
+
   STATE_COOKIE_NAME = :agentConnect_state
   NONCE_COOKIE_NAME = :agentConnect_nonce
@@ -24,6 +26,10 @@ class AgentConnect::AgentController < ApplicationController
     user_info, id_token = AgentConnectService.user_info(params[:code], cookies.encrypted[NONCE_COOKIE_NAME])
     cookies.delete NONCE_COOKIE_NAME
+    if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID
+      # MON COMPTE PRO !
+    end
+
     instructeur = Instructeur.find_by(users: { email: santized_email(user_info) })
     if instructeur.nil?
diff --git a/app/services/agent_connect_service.rb b/app/services/agent_connect_service.rb
index cbbf91814..c4b35d18e 100644
--- a/app/services/agent_connect_service.rb
+++ b/app/services/agent_connect_service.rb
@@ -14,7 +14,7 @@ class AgentConnectService
     nonce = SecureRandom.hex(16)
     uri = client.authorization_uri(
-      scope: [:openid, :email, :given_name, :usual_name, :organizational_unit, :belonging_population, :siret],
+      scope: [:openid, :email, :given_name, :usual_name, :organizational_unit, :belonging_population, :siret, :idp_id],
       state:,
       nonce:,
       acr_values: 'eidas1'
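Review bot: The `if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID` branch added to the callback is empty apart from the `# MON COMPTE PRO !` placeholder, so the new constant and scope change nothing at runtime while reading as if MonComptePro logins were already handled specially; either leave the branch out until the behaviour exists or replace the placeholder with a comment stating the intent, e.g. `# TODO: users arriving via the MonComptePro identity provider (idp_id claim) may need a dedicated instructeur lookup`. The constant declared in the previous hunk hard-codes a single identity-provider UUID in the controller; if that id differs between AgentConnect environments it belongs in configuration rather than source, which is worth confirming. The lookup `user_info['idp_id']` assumes `AgentConnectService.user_info` returns string keys, which this hunk does not show. The callback method starts and ends outside the hunk.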
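Review bot: The `scope:` argument to `client.authorization_uri` is a long inline array literal that now grows by `:idp_id`, with nothing recording why that claim is requested; extracting it to a frozen class constant, `SCOPES = %i[openid email given_name usual_name organizational_unit belonging_population siret idp_id].freeze`, and passing `scope: SCOPES` would make the list the single place that documents which claims the callback depends on. A one-line comment on the constant, e.g. `# idp_id is requested so the callback can tell which identity provider authenticated the agent`, would tie the two halves of this change together. The enclosing method starts before the hunk and ends after it.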