in typescript/src/utils/guIdentityApi.ts [75:117]
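/**
 * Resolves the caller's identity ID from the Okta access token carried in the
 * request headers.
 *
 * The token is verified against the issuer and expected audience configured
 * for the current stage, and must additionally carry the stage's required
 * scope before any identity is returned.
 *
 * @param headers - Incoming request headers; the token is extracted from them
 *   by `getAuthToken`.
 * @returns One of:
 *   - `success` with `userId` set to the token's `legacy_identity_id` claim;
 *   - `missing-identity-id` when the token is valid and in scope but has no
 *     (truthy) `legacy_identity_id` claim;
 *   - `incorrect-scope` when the token verified but its `scp` claim does not
 *     list the required scope;
 *   - `incorrect-token` when verification rejects or anything else fails
 *     while inspecting the payload.
 *   `userId` is `null` for every status other than `success`.
 * @throws Whatever is thrown while loading or constructing the verifier,
 *   reading the stage parameters, or extracting the token from the headers;
 *   those failures are not mapped to a status.
 */
export async function getUserId(
  headers: HttpRequestHeaders,
): Promise<UserIdResolution> {
  // Setup happens outside the try block on purpose: a broken deployment
  // (missing module, bad stage config) should surface as an error, not be
  // reported to the caller as a bad token.
  const OktaJwtVerifier = require('@okta/jwt-verifier');
  const { issuer, expectedAud, scope } = getOktaStageParameters(Stage);
  // NOTE(review): a new verifier is built on every call. If the library keeps
  // its signing-key cache per instance, that cache is never reused here;
  // consider hoisting the verifier to module scope.
  const oktaJwtVerifier = new OktaJwtVerifier({ issuer });
  const accessTokenString = getAuthToken(headers);

  try {
    const payload: OktaJwtVerifierReturn =
      await oktaJwtVerifier.verifyAccessToken(accessTokenString, expectedAud);

    // Authorisation check. Require `scp` to be an array so that `includes`
    // is an exact element match: on a string it would be a substring match
    // (a longer scope name containing the required one would pass), and on a
    // missing claim it would throw and be misreported as 'incorrect-token'.
    // NOTE(review): assumes Okta always issues `scp` as an array - confirm.
    const grantedScopes: unknown = payload.claims.scp;
    if (!Array.isArray(grantedScopes) || !grantedScopes.includes(scope)) {
      // We have passed authentication but we didn't pass the scope check
      return { status: 'incorrect-scope', userId: null };
    }

    const identityId = payload.claims.legacy_identity_id;
    if (!identityId) {
      return { status: 'missing-identity-id', userId: null };
    }

    return { status: 'success', userId: identityId };
  } catch (error) {
    // Fail closed: anything the verifier rejects, and any unexpected error
    // while reading the payload, yields no identity.
    // NOTE(review): the error is discarded, so a verifier or infrastructure
    // failure is indistinguishable from an invalid token. Consider logging
    // the error (never the token itself) through the project's logger.
    return { status: 'incorrect-token', userId: null };
  }
}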