@abtnode/blocklet-services 1.16.14-beta-1936d3d0 → 1.16.14-beta-dd4f6a50

package/api/libs/connect/session.js

@@ -47,15 +47,14 @@ const { isInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../.
 const { transferPassport } = require('../auth/utils');
 const { generateTranslate } = require('../translate');
 const { migrateAccount, declareAccount } = require('../../services/oauth');
-const { getTrustedIssuers, getLoginProvider } = require('../../util/blocklet-utils');
+const { getTrustedIssuers, getLoginProvider, getFederatedTrustedIssuers } = require('../../util/blocklet-utils');
 const { getFederatedMaster, getUserAvatarUrl } = require('../../util/federated');
 const { api } = require('../api');
 
 const vcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
 
-const getPassportVc = async ({ blocklet, claims, challenge, locale }) => {
-  const trustedPassports = (blocklet.trustedPassports || []).map((x) => x.issuerDid);
-  const trustedIssuers = [...getBlockletAppIdList(blocklet), ...trustedPassports].filter(Boolean);
+const getPassportVc = async ({ blocklet, claims, challenge, locale, provider }) => {
+  const trustedIssuers = await getTrustedIssuers(blocklet, { provider });
   const { vc } = await getVCFromClaims({
     claims,
     challenge,
@@ -67,7 +66,7 @@ const getPassportVc = async ({ blocklet, claims, challenge, locale }) => {
   return vc;
 };
 
-const getRoleFromVC = async ({ vc, node, locale, blocklet, teamDid }) => {
+const getRoleFromVC = async ({ vc, node, locale, blocklet, teamDid, provider }) => {
   let role = ROLES.GUEST;
   if (vc) {
     await validatePassport(get(vc, 'credentialSubject.passport'));
@@ -76,8 +75,12 @@ const getRoleFromVC = async ({ vc, node, locale, blocklet, teamDid }) => {
     if (expectedIssuers.includes(actualIssuer)) {
       role = getRoleFromLocalPassport(get(vc, 'credentialSubject.passport'));
     } else {
+      // MEMO: 如果是 federated，需要将 actualIssuer 做一个转换
+      const actualIssuerList =
+        provider === LOGIN_PROVIDER.FEDERATED ? await getFederatedTrustedIssuers(blocklet) : [actualIssuer];
       // map external passport to local role
-      const { mappings = [] } = (blocklet.trustedPassports || []).find((x) => x.issuerDid === actualIssuer) || {};
+      const { mappings = [] } =
+        (blocklet.trustedPassports || []).find((x) => actualIssuerList.includes(x.issuerDid)) || {};
       role = await getRoleFromExternalPassport({
         passport: get(vc, 'credentialSubject.passport'),
         node,
@@ -156,7 +159,7 @@ module.exports = {
       if (action === 'login') {
         const [invitedUserOnly] = config ? await isInvitedUserOnly(config, node, teamDid) : [false];
 
-        const trustedIssuers = getTrustedIssuers(blocklet, { provider });
+        const trustedIssuers = await getTrustedIssuers(blocklet, { provider });
         claims.verifiableCredential = {
           type: 'verifiableCredential',
           description: messages.requestPassport[locale],
@@ -242,9 +245,11 @@ module.exports = {
       let defaultTtlPolicy = 'never';
       let issuePassport = false;
 
+      const provider = getLoginProvider(request);
+
       // Get passport vc
       if (action === 'login') {
-        vc = await getPassportVc({ blocklet, claims, challenge, locale });
+        vc = await getPassportVc({ blocklet, claims, challenge, locale, provider });
         [invitedUserOnly, defaultRole, issuePassport] = await isInvitedUserOnly(authConfig, node, teamDid);
         if (invitedUserOnly && !vc) {
           throw new Error(messages.missingCredentialClaim[locale]);
@@ -317,7 +322,7 @@ module.exports = {
       }
 
       // Get role
-      const role = await getRoleFromVC({ vc, node, locale, blocklet, teamDid });
+      const role = await getRoleFromVC({ vc, node, locale, blocklet, teamDid, provider });
       await validateRole({ role, authConfig, locale, node, teamDid });
 
       checkAppOwner({ role, blocklet, userDid, locale });
@@ -333,10 +338,16 @@ module.exports = {
       let fullName = user?.fullName;
       // Update profile
       const passportForLog = passport || { name: 'Guest', role: 'guest' };
-      const provider = getLoginProvider(request);
+
+      const masterSite = getFederatedMaster(blocklet);
+      let connectAccount = { provider, did: realDid, pk: realPk };
+
       let updatedUser;
       if (user) {
         // Update user
+        if (masterSite && provider === LOGIN_PROVIDER.FEDERATED) {
+          connectAccount = { provider, did: realDid, pk: realPk, id: masterSite.appPid };
+        }
         updatedUser = await node.loginUser({
           teamDid,
           user: {
@@ -345,7 +356,7 @@ module.exports = {
             locale,
             passport,
             lastLoginIp: get(request, 'headers[x-real-ip]') || '',
-            connectedAccount: [{ provider, did: realDid }, connectedNft],
+            connectedAccount: [connectAccount, connectedNft],
           },
         });
         await node.createAuditLog(
@@ -362,6 +373,10 @@ module.exports = {
         const profile = claims.find((x) => x.type === 'profile');
         fullName = profile.fullName;
 
+        if (masterSite && provider === LOGIN_PROVIDER.FEDERATED) {
+          connectAccount = { provider, did: realDid, pk: realPk, id: masterSite.appPid };
+        }
+
         updatedUser = await node.loginUser({
           teamDid,
           user: {
@@ -374,14 +389,7 @@ module.exports = {
             locale,
             passport,
             lastLoginIp: get(request, 'headers[x-real-ip]') || '',
-            connectedAccount: [
-              {
-                provider,
-                did: realDid,
-                pk: realPk,
-              },
-              connectedNft,
-            ],
+            connectedAccount: [connectAccount, connectedNft],
           },
         });
         await node.createAuditLog(
@@ -422,12 +430,12 @@ module.exports = {
         await node.setBlockletInitialized({ did: teamDid, owner: { did: realDid, pk: realPk } });
       }
 
-      const { permanentWallet } = await request.getBlockletInfo();
+      const { permanentWallet } = blockletInfo;
 
-      const masterSite = getFederatedMaster(blocklet);
       let federatedSessionToken;
       let federatedRefreshToken;
-      if (masterSite) {
+      // member 使用 deferated login 时，总是会让 Master 自动登录
+      if (masterSite && provider === LOGIN_PROVIDER.FEDERATED) {
         const postUser = pick(updatedUser, ['did', 'pk', 'fullName', 'locale']);
         postUser.lastLoginAt = get(request, 'headers[x-real-ip]') || '';
 
@@ -444,7 +452,6 @@ module.exports = {
             signer: permanentWallet.address,
             data: signV2(permanentWallet.address, permanentWallet.secretKey, {
               user: postUser,
-              appId: blocklet.did,
               passport,
             }),
           }
@@ -593,7 +600,7 @@ module.exports = {
 
       const blocklet = await request.getBlocklet();
       const provider = getLoginProvider(request);
-      const trustedIssuers = getTrustedIssuers(blocklet, { provider });
+      const trustedIssuers = await getTrustedIssuers(blocklet, { provider });
 
       return {
         verifiableCredential: {
@@ -615,6 +622,7 @@ module.exports = {
       userDid,
       createSessionToken,
       componentId,
+      provider,
     }) => {
       const blocklet = await request.getBlocklet();
       const { name, did: teamDid, secret } = await request.getBlockletInfo();
@@ -645,6 +653,7 @@ module.exports = {
         claims: [verifiableCredential],
         challenge,
         locale,
+        provider,
       });
 
       // Validate passport required
@@ -660,7 +669,7 @@ module.exports = {
       }
 
       // Get role
-      const role = await getRoleFromVC({ vc, node, locale, blocklet, teamDid });
+      const role = await getRoleFromVC({ vc, node, locale, blocklet, teamDid, provider });
       await validateRole({ role, authConfig, locale, node, teamDid });
 
       checkAppOwner({ role, blocklet, userDid, locale });
@@ -685,7 +694,7 @@ module.exports = {
       await node.createAuditLog(
         {
           action: 'switchPassport',
-          args: { teamDid, userDid, passport: passportForLog, provider: LOGIN_PROVIDER.WALLET },
+          args: { teamDid, userDid, passport: passportForLog, provider },
           context: formatContext(Object.assign(request, { user })),
           result: {},
         },
@@ -697,7 +706,7 @@ module.exports = {
       const sessionConfig = blocklet.settings?.session || {};
       const { sessionToken, refreshToken } = createToken(
         userDid,
-        { secret, passport, role, fullName: user.fullName },
+        { secret, passport, role, fullName: user.fullName, provider },
         { ...sessionConfig, didConnectVersion: getDidConnectVersion(request) }
       );
       return { sessionToken, refreshToken };

package/api/libs/jwt.js

@@ -74,6 +74,7 @@ const initJwt = (node, options) => {
 
           user.role = role;
           user.passport = passport;
+          user.provider = provider;
         } else {
           user = { did, role, passport, fullName, provider };
         }

package/api/middlewares/check-federated-cors-call.js

@@ -4,6 +4,7 @@ function checkFederatedCorsCall() {
     const { blocklet } = req;
     const federated = blocklet.settings.federated || {};
     const sites = federated?.sites || [];
+    // TODO: @zhanghan 增加 aliasAppUrl 判断
     if (sites.find((item) => item.appUrl === caller && item.status === 'approved')) {
       next();
       return;

package/api/routes/federated.js

@@ -3,10 +3,16 @@ const { signV2 } = require('@arcblock/jwt');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const cloneDeep = require('lodash/cloneDeep');
 const get = require('lodash/get');
+const pLimit = require('p-limit');
+const pRetry = require('p-retry');
 
 const cors = require('cors');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const { getAvatarByUrl, extractUserAvatar } = require('@abtnode/util/lib/user');
+const { getApplicationInfo } = require('@abtnode/auth/lib/auth');
 const pick = require('lodash/pick');
+const defaults = require('lodash/defaults');
+const remove = require('lodash/remove');
 
 const { api } = require('../libs/api');
 const initJwt = require('../libs/jwt');
@@ -19,6 +25,7 @@ const { getUserAvatarUrl } = require('../util/federated');
 const PREFIX = WELLKNOWN_SERVICE_PATH_PREFIX;
 
 const prefix = `${PREFIX}/api/federated`;
+const limitSync = pLimit(1);
 
 module.exports = {
   preInit(server) {
@@ -29,18 +36,24 @@ module.exports = {
   init(server, node, options) {
     // step 1 申请加入(member 向 master 申请)
     server.post(`${prefix}/join`, ensureBlocklet(), async (req, res) => {
+      // master blocklet
       const { blocklet } = req;
       const { site } = req.body;
 
-      const federated = cloneDeep(blocklet.settings.federated || {});
-      let sites = federated?.sites || [];
-      if (sites.length === 0) {
+      const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
+        config: {
+          appId: blocklet.appDid,
+          appPid: blocklet.appPid,
+        },
+        sites: [],
+      });
+      if (federated.sites.length === 0) {
         const nodeInfo = await req.getNodeInfo();
         const blockletInfo = await req.getBlockletInfo();
         const masterSite = {
           appId: blockletInfo.wallet.address,
           appPid: blockletInfo.permanentWallet.address,
-          migratedFrom: blocklet.migratedFrom || [],
+          aliasDid: (blocklet.migratedFrom || []).map((item) => item.appDid),
           appName: blockletInfo.name,
           appDescription: blockletInfo.description,
           appUrl: blockletInfo.appUrl,
@@ -49,24 +62,17 @@ module.exports = {
             normalizePathPrefix(`${WELLKNOWN_SERVICE_PATH_PREFIX}/blocklet/logo`) ||
             '/',
           appLogoRect: blocklet.environmentObj.BLOCKLET_APP_LOGO_RECT,
-          did: blockletInfo.did,
+          did: blockletInfo.permanentWallet.address,
           pk: blockletInfo.permanentWallet.publicKey,
           serverId: nodeInfo.did,
           serverVersion: nodeInfo.version,
           version: blocklet.meta.version,
         };
-        sites = [masterSite];
+        federated.sites = [masterSite];
       }
 
-      let masterConfig = federated.config;
-      if (!masterConfig) {
-        masterConfig = {
-          appId: blocklet.appDid,
-          appPid: blocklet.appPid || blocklet.appDid,
-        };
-      }
       if (site) {
-        sites.push({
+        federated.sites.push({
           ...site,
           appliedAt: new Date(),
           status: 'pending',
@@ -76,36 +82,81 @@ module.exports = {
       // member 申请后，将 member 展示在列表中
       // 更新的是自己
       await node.setFederated({
-        did: blocklet.appDid,
-        config: {
-          config: masterConfig,
-          sites,
-        },
+        did: blocklet.appPid,
+        config: federated,
       });
 
       // 将新增的数据返回给 member
       res.json({
-        sites,
+        sites: federated.sites,
+      });
+    });
+
+    // member 向 master 请求退出统一登录
+    server.post(`${prefix}/quit`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
+      const { blocklet } = req;
+      const { memberPid } = req.body.verifyData;
+
+      const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
+        config: {
+          appId: blocklet.appDid,
+          appPid: blocklet.appPid,
+        },
+        sites: [],
+      });
+
+      remove(federated.sites, (item) => item.appPid === memberPid);
+
+      const { permanentWallet } = await req.getBlockletInfo();
+      const postData = {
+        signer: permanentWallet.address,
+        data: signV2(permanentWallet.address, permanentWallet.secretKey, { sites: federated.sites }),
+      };
+
+      const waitingList = federated.sites
+        .filter((item) => item.appId !== federated.config.appId)
+        .map((item) => {
+          return limitSync(() =>
+            pRetry(() => api.post(`${item.appUrl}/${WELLKNOWN_SERVICE_PATH_PREFIX}/api/federated/sync`, postData), {
+              retries: 3,
+            })
+          );
+        });
+      await Promise.all(waitingList);
+
+      await node.setFederated({
+        did: blocklet.appPid,
+        config: federated,
       });
+
+      res.json({});
     });
 
     // step 2 审批(master 申批 member)
     // core/state/lib/blocklet/manager/disk.js -> auditFederatedLogin
+    // audit-res 接受 master 的处理结果同步，保存 delegation
     server.post(`${prefix}/audit-res`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
       const { blocklet } = req;
-      const { delegation, roles, appId, status } = req.body.verifyData;
-      const federated = cloneDeep(blocklet.settings.federated || {});
+      const { delegation, roles, masterPid, status } = req.body.verifyData;
+      const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
+        config: {
+          appId: blocklet.appDid,
+          appPid: blocklet.appPid,
+          isMaster: false,
+        },
+        sites: [],
+      });
       federated.config.delegation = delegation;
       if (status === 'approved') {
         const trustedPassports = blocklet.trustedPassports || [];
-        const hasTrustedPassport = trustedPassports.find((item) => item.issuerDid === appId);
+        const hasTrustedPassport = trustedPassports.find((item) => item.issuerDid === masterPid);
         if (!hasTrustedPassport) {
           await node.configTrustedPassports({
-            teamDid: blocklet.meta.did,
+            teamDid: blocklet.appPid,
             trustedPassports: [
               ...trustedPassports,
               {
-                issuerDid: appId,
+                issuerDid: masterPid,
                 remark: 'Generated on join federated login',
                 mappings: roles.map((item) => {
                   return {
@@ -120,7 +171,7 @@ module.exports = {
       }
 
       await node.setFederated({
-        did: blocklet.meta.did,
+        did: blocklet.appPid,
         config: federated,
       });
       res.json(federated);
@@ -134,7 +185,7 @@ module.exports = {
       const federated = cloneDeep(blocklet.settings.federated || {});
       federated.sites = sites;
       await node.setFederated({
-        did: blocklet.meta.did,
+        did: blocklet.appPid,
         config: federated,
       });
       res.json(federated);
@@ -149,7 +200,7 @@ module.exports = {
       async (req, res) => {
         const { blocklet } = req;
 
-        const teamDid = blocklet.meta.did;
+        const teamDid = blocklet.appPid;
         let user = null;
         if (req.user) {
           user = { ...req.user };
@@ -166,8 +217,8 @@ module.exports = {
         }
         const blockletInfo = await req.getBlockletInfo();
         const site = {
-          appId: blockletInfo.wallet.address,
-          appPid: blockletInfo.permanentWallet.address,
+          appId: blocklet.appDid,
+          appPid: blocklet.appPid,
           appName: blockletInfo.name,
           appDescription: blockletInfo.description,
           appUrl: blockletInfo.appUrl,
@@ -176,7 +227,6 @@ module.exports = {
             normalizePathPrefix(`${WELLKNOWN_SERVICE_PATH_PREFIX}/blocklet/logo`) ||
             '/',
           appLogoRect: blocklet.environmentObj.BLOCKLET_APP_LOGO_RECT,
-          did: blockletInfo.did,
         };
         res.json({ user, site });
       }
@@ -199,8 +249,9 @@ module.exports = {
         if (!onlyWriteCookie) {
           const { blocklet } = req;
           const { permanentWallet } = await req.getBlockletInfo();
-          const teamDid = blocklet.meta.did;
+          const teamDid = blocklet.appPid;
           const federatedSites = blocklet.settings?.federated?.sites || [];
+          // TODO: @zhanghan 增加 aliasAppUrl 判断
           const loginSite = federatedSites.find((item) => item.appUrl === req.headers.origin);
 
           const currentUser = await node.getUser({
@@ -227,7 +278,7 @@ module.exports = {
             ({ data } = await api.post(`${loginSite.appUrl}${prefix}/token`, {
               signer: permanentWallet.address,
               data: signV2(permanentWallet.address, permanentWallet.secretKey, {
-                appId: teamDid,
+                masterPid: teamDid,
                 role: req.user.role,
                 user,
                 passport: req.user.passport,
@@ -251,16 +302,17 @@ module.exports = {
 
     // step 6 发放自动登录 token(master 向 member 发起生成 token 请求)
     server.post(`${prefix}/token`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
-      const { user, appId, role, passport } = req.body.verifyData;
+      const { user, masterPid, role, passport } = req.body.verifyData;
       const { createSessionToken } = initJwt(node, options);
       const createToken = createTokenFn(createSessionToken);
       const { secret } = await req.getBlockletInfo();
       const { blocklet } = req;
-      const teamDid = blocklet.meta.did;
+      const teamDid = blocklet.appPid;
 
       const sessionConfig = blocklet.settings?.session || {};
       const trustedPassports = blocklet.trustedPassports || [];
-      const masterPassport = trustedPassports.find((item) => item.issuerDid === appId);
+      // HACK: 这里只对比 pid，因为自动生成的数据只有 master-site 的 pid
+      const masterPassport = trustedPassports.find((item) => item.issuerDid === masterPid);
       const findMapping = masterPassport ? masterPassport.mappings.find((item) => item.from.passport === role) : null;
       const targetPassport = findMapping
         ? {
@@ -269,15 +321,28 @@ module.exports = {
             id: passport?.id || '',
           }
         : { role: 'guest', name: 'Guest' };
+      let { avatar } = user || {};
+      if (avatar) {
+        try {
+          avatar = await getAvatarByUrl(user.avatar);
+          const nodeInfo = await req.getNodeInfo();
+
+          const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
+          avatar = await extractUserAvatar(avatar, { dataDir });
+        } catch (err) {
+          console.error(err.response.status);
+        }
+      }
       const doc = await node.loginUser({
         teamDid,
         user: {
           ...user,
+          avatar,
           // HACK: @zhanghan 这里会将 passport 插入到当前用户的 passport 列表中，federated 登录不应该插入 passport
           // passport: findMapping ? targetPassport : null,
           connectedAccount: {
             provider: LOGIN_PROVIDER.FEDERATED,
-            id: appId,
+            id: masterPid,
             did: user.did,
             pk: user.pk,
           },
@@ -314,14 +379,15 @@ module.exports = {
     );
 
     // member 主动调起 master 登录（实现登录 member 时，自动登录 master）
+    // member 传递过来的 user.did 和 user.pk 均为 master-site 与钱包生成的
 
     server.post(`${prefix}/loginByMember`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
-      const { user, appId, passport } = req.body.verifyData;
+      const { user, passport } = req.body.verifyData;
       const { createSessionToken } = initJwt(node, options);
       const createToken = createTokenFn(createSessionToken);
       const { secret } = await req.getBlockletInfo();
       const { blocklet } = req;
-      const teamDid = blocklet.meta.did;
+      const teamDid = blocklet.appPid;
 
       const sessionConfig = blocklet.settings?.session || {};
       const prevUser = await node.getUser({
@@ -331,14 +397,29 @@ module.exports = {
       });
       // HACK: member 调用 master 时，将 passport 的 role 还原为 master 中原有的 role
       const targetPassport = passport?.id ? (prevUser?.passports || []).find((item) => item.id === passport.id) : null;
-      const doc = await node.loginUser({
+
+      // HACK: 用户在 master 中存在时，不更新任何用户信息；不存在时，将新增一个用户
+      const filterUserInfo = prevUser ? {} : user;
+      if (filterUserInfo.avatar) {
+        let avatar = await getAvatarByUrl(filterUserInfo.avatar);
+        const nodeInfo = await req.getNodeInfo();
+
+        const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
+        avatar = await extractUserAvatar(avatar, { dataDir });
+        filterUserInfo.avatar = avatar;
+      }
+      const realDid = prevUser?.did || user.did;
+      const realPk = prevUser?.pk || user.pk;
+      const newUser = await node.loginUser({
         teamDid,
         user: {
-          ...user,
+          ...filterUserInfo,
+          did: realDid,
+          pk: realPk,
           passport: targetPassport,
           connectedAccount: {
+            // member 在使用 federated login 时，本质还是使用 wallet 来登录的，所以对 master-site 来说，登录的 provider 就是 wallet
             provider: LOGIN_PROVIDER.WALLET,
-            id: appId,
             did: user.did,
             pk: user.pk,
           },
@@ -346,12 +427,12 @@ module.exports = {
       });
 
       const { sessionToken, refreshToken } = createToken(
-        doc.did,
+        user.did,
         {
           secret,
           passport: targetPassport,
           role: targetPassport?.role || 'guest',
-          fullName: doc.fullName,
+          fullName: newUser.fullName,
         },
         {
           ...sessionConfig,

package/api/routes/oauth.js

@@ -386,6 +386,9 @@ module.exports = {
       res.send(oauthConfig);
     });
     server.get(`${prefix}/passports`, async (req, res) => {
+      if (!req.user) {
+        res.status(401).send('Unauthorized');
+      }
       const userDid = req.user.did;
       const blocklet = await req.getBlockletInfo();
       const nodeInfo = await req.getNodeInfo();

package/api/services/auth/connect/switch-passport.js

@@ -1,11 +1,13 @@
 const { switchPassport } = require('../../../libs/connect/session');
+const { getLoginProvider } = require('../../../util/blocklet-utils');
 
 const { onConnect, onApprove } = switchPassport;
 
 module.exports = function createRoutes(node, authenticator, createSessionToken) {
   return {
     action: 'switch-passport',
-    onConnect: ({ req, userDid, baseUrl, extraParams: { locale, connectedDid } }) => {
+    onConnect: ({ userDid, baseUrl, extraParams: { locale, connectedDid }, req, request }) => {
+      const provider = getLoginProvider(request);
       return onConnect({
         node,
         request: req,
@@ -13,10 +15,12 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         userDid,
         previousUserDid: connectedDid,
         baseUrl,
+        provider,
       });
     },
 
-    onAuth: async ({ claims, challenge, userDid, updateSession, extraParams, req }) => {
+    onAuth: async ({ claims, challenge, userDid, updateSession, extraParams, req, request }) => {
+      const provider = getLoginProvider(request);
       const { sessionToken, refreshToken } = await onApprove({
         node,
         request: req,
@@ -25,6 +29,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         verifiableCredential: claims.find((x) => x.type === 'verifiableCredential'),
         userDid,
         createSessionToken,
+        provider,
       });
 
       await updateSession({ sessionToken, refreshToken }, true);