Working towards OpenID - Connect

- Adding id_token support
- Adding bearer token header support for client api auth

src/helper/jwt.ts

@@ -1,7 +1,9 @@
-import { IUser } from "../models/user";
+import { IUser, Gender } from "../models/user";
 import { ObjectID } from "bson";
 import { createJWT } from "../keys";
 import { IClient } from "../models/client";
+import config from "../config";
+import * as moment from "moment";
 
 export interface OAuthJWT {
    user: string;
@@ -10,11 +12,39 @@ export interface OAuthJWT {
    application: string
 }
 
-export default function getOAuthJWT(token: { user: IUser, permissions: ObjectID[], client: IClient }) {
+const issuer = config.core.url;
+
+export const IDTokenJWTExp = moment.duration(30, "m").asSeconds();
+export function getIDToken(user: IUser, client_id: string, nonce: string) {
+   return createJWT({
+      user: user.uid,
+      name: user.name,
+      nickname: user.username,
+      username: user.username,
+      preferred_username: user.username,
+      gender: Gender[user.gender],
+      nonce
+   }, {
+      expiresIn: IDTokenJWTExp,
+      issuer,
+      algorithm: "RS256",
+      subject: user.uid,
+      audience: client_id
+   })
+}
+
+export const AccessTokenJWTExp = moment.duration(6, "h");
+export function getAccessTokenJWT(token: { user: IUser, permissions: ObjectID[], client: IClient }) {
    return createJWT(<OAuthJWT>{
       user: token.user.uid,
       username: token.user.username,
       permissions: token.permissions.map(p => p.toHexString()),
       application: token.client.client_id
+   }, {
+      expiresIn: AccessTokenJWTExp.asSeconds(),
+      issuer,
+      algorithm: "RS256",
+      subject: token.user.uid,
+      audience: token.client.client_id
    })
-}
+}