From 632bdfb15a920062637dc8a273034e58b382205b Mon Sep 17 00:00:00 2001
From: Brandon Wilson
Date: Tue, 22 Nov 2022 07:14:57 -0600
Subject: [PATCH] fix(auth): add clientKeyId to context (#769)
---
 packages/auth/src/signature/middleware.test.ts | 3 +++
 packages/auth/src/signature/middleware.ts | 15 +++++++--------
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/packages/auth/src/signature/middleware.test.ts b/packages/auth/src/signature/middleware.test.ts
index dd3deb6648..b017a7caeb 100644
--- a/packages/auth/src/signature/middleware.test.ts
+++ b/packages/auth/src/signature/middleware.test.ts
@@ -249,6 +249,7 @@ describe('Signature Service', (): void => {
 await grantInitiationHttpsigMiddleware(ctx, next)
 expect(ctx.response.status).toEqual(200)
+ expect(ctx.clientKeyId).toEqual(testClientKey.kid)
 expect(next).toHaveBeenCalled()
 scope.done()
@@ -279,6 +280,7 @@ describe('Signature Service', (): void => {
 await grantContinueHttpsigMiddleware(ctx, next)
 expect(ctx.response.status).toEqual(200)
+ expect(ctx.clientKeyId).toEqual(testClientKey.kid)
 expect(next).toHaveBeenCalled()
 scope.done()
@@ -314,6 +316,7 @@ describe('Signature Service', (): void => {
 expect(next).toHaveBeenCalled()
 expect(ctx.response.status).toEqual(200)
+ expect(ctx.clientKeyId).toEqual(testClientKey.kid)
 scope.done()
 })
diff --git a/packages/auth/src/signature/middleware.ts b/packages/auth/src/signature/middleware.ts
index ac7bec40d5..492a650588 100644
--- a/packages/auth/src/signature/middleware.ts
+++ b/packages/auth/src/signature/middleware.ts
@@ -44,13 +44,12 @@ export async function verifySigAndChallenge(
 async function verifySigFromClient(
 client: string,
- keyId: string,
 ctx: HttpSigContext
 ): Promise {
 const clientService = await ctx.container.use('clientService')
 const clientKey = await clientService.getKey({
 client,
- keyId
+ keyId: ctx.clientKeyId
 })
 if (!clientKey) {
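Review bot: The three added `expect(ctx.clientKeyId).toEqual(testClientKey.kid)` assertions in middleware.test.ts (hunks at 249, 280 and 316) pin only the success path; nothing visible here checks what `ctx.clientKeyId` holds when the middleware rejects a request. The value is parsed from the client-supplied `signature-input` header, so a rejection case should pin the intended context state, for example `expect(ctx.clientKeyId).toBeUndefined()` after a 401 if an unverified key id is not meant to stay on the context. The test bodies start and end outside these hunks, so rejection cases may already exist elsewhere in the file; if they do, the assertion belongs in them.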
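Review bot: In `verifySigFromClient` (middleware.ts, hunk at 44) the key id given to `clientService.getKey` is now read from `ctx.clientKeyId`, so the lookup silently depends on every caller having written that field first. The `if (!ctx.clientKeyId)` check in `grantInitiationHttpsigMiddleware` suggests the field can be empty, and what `getKey` does with a missing `keyId` is not visible in this diff. I would keep the explicit `keyId: string` parameter, or at least state the contract above the function with `// Precondition: the caller has set ctx.clientKeyId from the signature-input header.` and guard it with `if (!ctx.clientKeyId) ctx.throw(401, 'invalid signature input', { error: 'invalid_request' })`. The function body continues past the end of the hunk.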
@@ -65,12 +64,12 @@ async function verifySigFromBoundKey(
 ctx: HttpSigContext
 ): Promise {
 const sigInput = ctx.headers['signature-input'] as string
- const keyId = getSigInputKeyId(sigInput)
- if (keyId !== grant.clientKeyId) {
+ ctx.clientKeyId = getSigInputKeyId(sigInput)
+ if (ctx.clientKeyId !== grant.clientKeyId) {
 ctx.throw(401, 'invalid signature input', { error: 'invalid_request' })
 }
- return verifySigFromClient(grant.client, keyId, ctx)
+ return verifySigFromClient(grant.client, ctx)
 }
 // TODO: Replace with public httpsig library
@@ -238,12 +237,12 @@ export async function grantInitiationHttpsigMiddleware(
 const { body } = ctx.request
 const sigInput = ctx.headers['signature-input'] as string
- const keyId = getSigInputKeyId(sigInput)
- if (!keyId) {
+ ctx.clientKeyId = getSigInputKeyId(sigInput)
+ if (!ctx.clientKeyId) {
 ctx.throw(401, 'invalid signature input', { error: 'invalid_request' })
 }
- await verifySigFromClient(body.client, keyId, ctx)
+ await verifySigFromClient(body.client, ctx)
 await next()
 }
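Review bot: `ctx.clientKeyId = getSigInputKeyId(sigInput)` in `verifySigFromBoundKey` puts a value taken from the client-supplied `signature-input` header on the context before it is compared with `grant.clientKeyId` and before `verifySigFromClient` runs; `grantInitiationHttpsigMiddleware` in the last hunk has the same ordering. `ctx.throw` stops the downstream chain, but anything that reads the context after a rejection (an outer error handler or request logger, if the app has one) would see an unverified key id as though it identified the caller. Keeping the parsed value in a local `keyId` and assigning `ctx.clientKeyId = keyId` only after `verifySigFromClient` has succeeded avoids that, which means passing the key id to `verifySigFromClient` explicitly again. The function starts above the hunk.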
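Review bot: In `grantInitiationHttpsigMiddleware` the result of `await verifySigFromClient(body.client, ctx)` is discarded and `await next()` runs unconditionally, whereas `verifySigFromBoundKey` returns the same call's result to its caller. If `verifySigFromClient` signals a bad signature by resolving to a falsy value rather than throwing (its body is not visible in this diff), an unverified request would reach the handler with `ctx.clientKeyId` already set; the commit does not introduce this, but it rewrites the line. Making the check explicit, e.g. `if (!(await verifySigFromClient(body.client, ctx))) ctx.throw(401, 'invalid signature', { error: 'invalid_request' })`, removes the doubt. The function starts above the hunk.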