From c50c88bc13c7c3f84ba7f5c041dcb39f6ec1e64a Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Thu, 26 Oct 2023 15:05:32 +0200
Subject: [PATCH] Mimic official rM JWT
---
 internal/app/claims.go | 4 ++--
 internal/app/handlers.go | 26 ++++++++++++++++++--------
 2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/internal/app/claims.go b/internal/app/claims.go
index d49fd93e..9c0a1c4d 100644
--- a/internal/app/claims.go
+++ b/internal/app/claims.go
@@ -30,7 +30,7 @@ type UserClaims struct {
 type Auth0profile struct {
 	UserID string `json:"UserID"`
 	IsSocial bool
-	ClientID string `json:"ClientID"`
+	ClientID string `json:"ClientID,omitempty"`
 	Connection string
 	Name string `json:"Name"`
 	Nickname string `json:"NickName"`
@@ -38,7 +38,7 @@ type Auth0profile struct {
 	FamilyName string
 	Email string
 	EmailVerified bool
-	Picture string
+	Picture string `json:"Picture,omitempty"`
 	CreatedAt time.Time
 	UpdatedAt time.Time
 }
diff --git a/internal/app/handlers.go b/internal/app/handlers.go
index 222db6f3..d8254864 100644
--- a/internal/app/handlers.go
+++ b/internal/app/handlers.go
@@ -2,6 +2,7 @@ package app
 
 import (
 	"bytes"
+	"crypto/rand"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -152,20 +153,30 @@ func (app *App) newUserToken(c *gin.Context) {
 	}
 	scopesStr := strings.Join(scopes, " ")
 	log.Info("setting scopes: ", scopesStr)
+
+	jti := make([]byte, 3)
+	_, err = rand.Read(jti)
+	if err != nil {
+		badReq(c, err.Error())
+		return
+	}
+	jti = append([]byte{'r', 'M', '-'}, jti...)
+	jti = append(jti, '/', 'E')
+
 	now := time.Now()
-	expirationTime := now.Add(24 * time.Hour)
+	expirationTime := now.Add(3 * time.Hour)
 	claims := &UserClaims{
 		Profile: Auth0profile{
 			UserID: deviceToken.UserID,
 			IsSocial: false,
 			Connection: "Username-Password-Authentication",
-			Name: user.Name,
+			Name: user.Email,
 			Nickname: user.Nickname,
+			GivenName: user.Name,
 			Email: fmt.Sprintf("%s (via %s)", user.Email, app.cfg.StorageURL),
 			EmailVerified: true,
-			Picture: "image.png",
-			CreatedAt: time.Now(),
-			UpdatedAt: time.Now(),
+			CreatedAt: user.CreatedAt,
+			UpdatedAt: user.UpdatedAt,
 		},
 		DeviceDesc: deviceToken.DeviceDesc,
 		DeviceID: deviceToken.DeviceID,
@@ -175,10 +186,9 @@ func (app *App) newUserToken(c *gin.Context) {
 		ExpiresAt: expirationTime.Unix(),
 		NotBefore: now.Unix(),
 		IssuedAt: now.Unix(),
-		Subject: "rM User Token",
+		Subject: deviceToken.UserID,
 		Issuer: "rM WebApp",
-		Id: user.ID,
-		Audience: APIUsage,
+		Id: base64.StdEncoding.EncodeToString(jti),
 	},
 	Version: tokenVersion,
 }
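Review bot: A failure of `rand.Read` is answered with `badReq(c, err.Error())`, which reports a server-side CSPRNG error as a client error and echoes the internal error text to the caller; respond with a 500 and log the detail server-side instead, e.g. `c.AbortWithStatus(http.StatusInternalServerError)` (adding `net/http` to the import block if it is not already there). The three random bytes also give only 24 bits, so the resulting `jti` will repeat after a few thousand tokens; that is harmless if the id is purely cosmetic to match the official format, but not if anything stores it for replay detection or revocation, so a comment such as `// 3 random bytes mimic the official token id; not unique enough for revocation tracking` would make the intent explicit. `_, err = rand.Read(jti)` reuses an `err` declared earlier in newUserToken, whose body starts and ends outside this hunk.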
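Review bot: Removing `Audience: APIUsage` drops the one claim that tied the token to this API; if the verification path (outside this hunk) still checks `aud`, these tokens will be rejected, and if that check is loosened to match, any token signed with the same key becomes valid regardless of its intended audience. If omitting `aud` is required to mimic the official token, document it at the claims literal, e.g. `// aud intentionally omitted to match the official rM token; verifiers must rely on iss/sub`, and keep the verifier checking `Issuer` and `Subject`. `Id` changes from `user.ID` to the random jti while `Subject` now carries `deviceToken.UserID`, so confirm no consumer still resolves the user from `Id`.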