From ce8aff3626cf9cb01aae20bd80fc823c359b8403 Mon Sep 17 00:00:00 2001
From: Twilight
Date: Wed, 24 Jul 2024 14:57:28 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E8=AE=A4=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Providers/AppServiceProvider.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index ce245cf..63d6845 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -47,11 +47,27 @@ private function setJWTGuard(): void
 try {
 $decoded = JWT::decode($jwt, $keys, $headers);
- $request->attributes->add(['token_type' => $headers->typ]);
+ // $request->attributes->add(['token_type' => $headers->typ]);
 } catch (Exception $e) {
 return response()->json(['error' => 'Invalid token, '.$e->getMessage()], 401);
 }
+ // must id_token
+ if ($headers->typ !== 'id_token') {
+ return response()->json(['error' => 'The token not id_token'], 401);
+ }
+
+ // 检查是否有 字段
+ $required_fields = [
+ 'name', 'sub',
+ ];
+
+ foreach ($required_fields as $field) {
+ if (! isset($decoded->$field)) {
+ return response()->json(['error' => 'The token not contain the field '.$field], 401);
+ }
+ }
+
 if (config('oauth.force_aud')) {
 if (! in_array($decoded->aud, config('oauth.trusted_aud'))) {
 return response()->json(['error' => 'The application rejected the token, token aud is '.$decoded->aud.', app aud is '.config('oauth.client_id')], 401);
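Review bot: The new `typ` check reads `$headers->typ` directly, so a token whose header carries no `typ` raises an undefined-property warning before the comparison runs — in a Laravel app that warning is likely converted to an exception and a 500 rather than the intended clean 401; `if (($headers->typ ?? null) !== 'id_token') {` keeps the rejection path explicit. The required-claim loop that follows lists only `name` and `sub`, yet the unchanged `force_aud` branch below dereferences `$decoded->aud` unconditionally and feeds it to a non-strict `in_array`, so a token missing `aud` hits the same warning path; adding `'aud'` to `$required_fields` when `config('oauth.force_aud')` is set, and passing `true` as the third `in_array` argument, would close that gap. Two style points: the removed `token_type` line is left as a commented-out line instead of being deleted, and `$required_fields` breaks the camelCase naming used elsewhere in the file. setJWTGuard() starts and ends outside the hunk.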