From 262af9ba2ca774dcc22a74a90b1d82a7a822593f Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 8 May 2024 23:24:42 +0200
Subject: [PATCH] add raw id_token in output closes #101
---
 .goreleaser.yml | 2 +-
 cmd/device.go | 4 +++-
 pkg/client.go | 3 ++-
 pkg/helpers.go | 1 +
 pkg/implicit.go | 1 -
 5 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index f23b0a4..a8eed87 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -88,4 +88,4 @@ brews:
 email: goreleaser@beryju.org
 homepage: 'https://github.com/beryju/{{ .ProjectName }}'
 description: 'Small, OIDC Client, to debug and test OIDC providers'
- folder: Formula
+ directory: Formula
diff --git a/cmd/device.go b/cmd/device.go
index 804f914..966b520 100644
--- a/cmd/device.go
+++ b/cmd/device.go
@@ -3,6 +3,7 @@ package cmd
 import (
 "fmt"
 "net/http"
+ "os"

 "github.com/cli/oauth"
 "github.com/spf13/cobra"
@@ -25,6 +26,7 @@ var deviceCmd = &cobra.Command{
 flow := &oauth.Flow{
 Host: &oauth.Host{
 DeviceCodeURL: deviceUrl,
+ TokenURL: codeUrl,
 },
 ClientID: clientId,
 Scopes: scopes,
@@ -41,7 +43,7 @@ var deviceCmd = &cobra.Command{
 }

 func init() {
- deviceCmd.PersistentFlags().StringVarP(&clientId, "client-id", "c", "", "Client ID")
+ deviceCmd.PersistentFlags().StringVarP(&clientId, "client-id", "c", os.Getenv("OIDC_CLIENT_ID"), "Client ID")
 deviceCmd.PersistentFlags().StringVarP(&deviceUrl, "device-url", "d", "", "Device URL")
 deviceCmd.PersistentFlags().StringVarP(&codeUrl, "code-url", "u", "", "Code URL")
 deviceCmd.PersistentFlags().StringSliceVarP(&scopes, "scopes", "s", []string{}, "Scopes")
diff --git a/pkg/client.go b/pkg/client.go
index 4503c95..a94639f 100644
--- a/pkg/client.go
+++ b/pkg/client.go
@@ -137,6 +137,7 @@ func (c *OIDCClient) oauthCallback(w http.ResponseWriter, r *http.Request) {
 resp := CallbackResponse{
 OAuth2Token: oauth2Token,
 IDTokenClaims: new(json.RawMessage),
+ RawIDToken: rawIDToken,
 }

 if err := idToken.Claims(&resp.IDTokenClaims); err != nil {
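Review bot: In cmd/device.go, `TokenURL: codeUrl` is fed from `--code-url`, which `init` registers with an empty default and the help text "Code URL", so a run without that flag would presumably fail only once the flow polls the token endpoint, after the user has already approved the device code. Marking the flag required in `init` (`_ = deviceCmd.MarkPersistentFlagRequired("code-url")`) fails earlier, and the description could read `"Token endpoint URL"` now that this is what the value is used for. The device code is sent to this URL and the tokens come back from it, so a comment above the field such as `// token endpoint; use https:// outside local testing` would help. The enclosing command function starts and ends outside the hunk.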
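Review bot: In `init` of cmd/device.go, the `client-id` default now comes from `OIDC_CLIENT_ID`, but the description is still only "Client ID", so the environment variable is undocumented. pflag prints a non-empty default in the usage text, so `--help` will echo whatever the variable holds. Suggest the description `"Client ID (env: OIDC_CLIENT_ID)"`. The pkg/helpers.go hunk header shows an `Env(key, fallback)` helper; calling it here would keep environment lookups in one place, assuming cmd can import that package.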
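Review bot: `RawIDToken: rawIDToken` in `oauthCallback` copies the signed ID token itself into `CallbackResponse`, and the matching new field in pkg/helpers.go carries no comment on what it holds or how to treat it. Unlike the decoded claims, the compact JWT remains presentable to any party that accepts it until it expires, so it needs the same handling as the tokens in `OAuth2Token`. Suggest declaring the field as `RawIDToken string // compact-serialized ID token as returned by the provider; credential material, keep out of logs and shared output`. Where `rawIDToken` is extracted and verified lies above this hunk; the use of `idToken` on the following line suggests the response is built only after verification succeeded, but the hunk does not show it.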
@@ -230,7 +231,7 @@ func (c *OIDCClient) oauthInit(w http.ResponseWriter, r *http.Request) {
 return
 }
 opts := []oauth2.AuthCodeOption{}
- if slices.Contains(c.config.Scopes, "offline_access") {
+ if slices.Contains(c.config.Scopes, oidc.ScopeOfflineAccess) {
 opts = append(opts, oauth2.ApprovalForce)
 }
 if c.doRefreshChecks {
diff --git a/pkg/helpers.go b/pkg/helpers.go
index a5ea43f..d8f7ddb 100644
--- a/pkg/helpers.go
+++ b/pkg/helpers.go
@@ -18,6 +18,7 @@ func Env(key string, fallback string) string {
 type CallbackResponse struct {
 OAuth2Token *oauth2.Token
 IDTokenClaims *json.RawMessage // ID Token payload is just JSON.
+ RawIDToken string
 UserInfo interface{}
 Introspection interface{}
 Refresh interface{}
diff --git a/pkg/implicit.go b/pkg/implicit.go
index c0e4837..5ba2496 100644
--- a/pkg/implicit.go
+++ b/pkg/implicit.go
@@ -2,7 +2,6 @@ package pkg

 import (
 "embed"
- _ "embed"
 "html/template"
 "net/http"
 "strings"