try to decode the userinfo response like a JWT if it's not a raw JSON string

Signed-off-by: Julien Veyssier <[email protected]>

Author: julien-nc

lib/Service/OIDCService.php

@@ -10,6 +10,7 @@
 namespace OCA\UserOIDC\Service;
 
 use OCA\UserOIDC\Db\Provider;
+use OCA\UserOIDC\Vendor\Firebase\JWT\JWT;
 use OCP\Http\Client\IClientService;
 use OCP\Security\ICrypto;
 use Psr\Log\LoggerInterface;
@@ -38,11 +39,34 @@ public function userinfo(Provider $provider, string $accessToken): array {
 				'Authorization' => 'Bearer ' . $accessToken,
 			],
 		];
+
 		try {
-			return json_decode($client->get($url, $options)->getBody(), true);
+			$userInfoResponse = $client->get($url, $options)->getBody();
 		} catch (Throwable $e) {
+			$this->logger->error('Request to the userinfo endpoint failed', ['exception' => $e]);
 			return [];
 		}
+
+		// try to decode it like a JSON string
+		try {
+			return json_decode($userInfoResponse, true);
+		} catch (Throwable) {
+			$this->logger->debug('The userinfo response is not JSON');
+		}
+
+		// try to decode it like a JWT token
+		JWT::$leeway = 60;
+		try {
+			$jwks = $this->discoveryService->obtainJWK($provider, $userInfoResponse);
+			$payload = JWT::decode($userInfoResponse, $jwks);
+			$arrayPayload = json_decode(json_encode($payload), true);
+			$this->logger->debug('JWT Decoded user info response', ['decoded_userinfo_response' => $arrayPayload]);
+			return $arrayPayload;
+		} catch (Throwable $e) {
+			$this->logger->debug('Treating the userinfo response as a JWT token. Impossible to decode it:' . $e->getMessage());
+		}
+
+		return [];
 	}
 
 	public function introspection(Provider $provider, string $accessToken): array {