From 00b9e6396eab28077c6f77d1b0ffb66b34000079 Mon Sep 17 00:00:00 2001
From: Johannes Wikman
Date: Tue, 19 Nov 2024 10:09:30 +0100
Subject: [PATCH] OAuth2.GetClaims() (#2363)

#### Summary
Adds a new function to the OAuth2 module, GetClaims(). It takes a JSON Web Token (JWT) and returns the Claims as a JSONObject.

#### Work Item(s)
Fixes #2296 Fixes [AB#556573](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/556573)
---
 .../App/OAuth2/OAuth2.Codeunit.al | 10 ++++++++++
 .../App/OAuth2/OAuth2Impl.Codeunit.al | 20 +++++++++++++++++++
 src/System Application/App/OAuth2/app.json | 8 +++++++-
 3 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/src/System Application/App/OAuth2/OAuth2.Codeunit.al b/src/System Application/App/OAuth2/OAuth2.Codeunit.al
index 04a019407f..0e8afadae8 100644
--- a/src/System Application/App/OAuth2/OAuth2.Codeunit.al
+++ b/src/System Application/App/OAuth2/OAuth2.Codeunit.al
@@ -1503,6 +1503,16 @@ codeunit 501 OAuth2
 OAuth2Impl.AcquireOnBehalfOfTokensByTokenCache(ClientId, ClientSecret, LoginHint, RedirectURL, Scopes, TokenCache, AccessToken, IdToken, NewTokenCache);
 end;
 
+ ///
+ /// Gets the Claims Set from a JSON Web Token (JWT).
+ ///
+ /// The JSON Web Token.
+ /// The JWT Claims Set.
+ procedure GetClaims(JWT: SecretText) Result: JsonObject
+ begin
+ exit(OAuth2Impl.GetClaims(JWT));
+ end;
+
 ///
 /// Get the last error message that happened during acquiring of an access token.
 ///
diff --git a/src/System Application/App/OAuth2/OAuth2Impl.Codeunit.al b/src/System Application/App/OAuth2/OAuth2Impl.Codeunit.al
index 1150fb0bb9..b26fcf5044 100644
--- a/src/System Application/App/OAuth2/OAuth2Impl.Codeunit.al
+++ b/src/System Application/App/OAuth2/OAuth2Impl.Codeunit.al
@@ -6,6 +6,7 @@
 namespace System.Security.Authentication;
 
 using System;
+using System.Text;
 using System.Environment;
 using System.Utilities;
 
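Review bot: The doc comment added above `procedure GetClaims(JWT: SecretText) Result: JsonObject` does not tell callers that the token is only decoded and never validated, which matters on a public OAuth2 facade where the returned claims may end up in access decisions. I would add a remarks element reading `/// The signature is not verified; validate the token before trusting any returned claim.` The returns text should also state that an empty JsonObject comes back when the token is empty or has fewer than three segments. Both behaviours are taken from the OAuth2Impl hunk later in this patch, since the facade only forwards the call.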
@@ -1427,6 +1428,25 @@ codeunit 502 OAuth2Impl
 IdToken := CompoundToken.IdToken;
 end;
 
+ [NonDebuggable]
+ procedure GetClaims(JWT: SecretText) Result: JsonObject
+ var
+ Base64Convert: Codeunit "Base64 Convert";
+ PlainTextJWT: Text;
+ Base64Text: Text;
+ begin
+ if JWT.IsEmpty() then
+ exit;
+ PlainTextJWT := JWT.Unwrap();
+ if PlainTextJWT.Split('.').Count() < 3 then
+ exit;
+ Base64Text := PlainTextJWT.Split('.').Get(2);
+ Base64Text := Base64Text.Replace('-', '+').Replace('_', '/');
+ if StrLen(Base64Text) mod 4 <> 0 then
+ Base64Text := PadStr(Base64Text, StrLen(Base64Text) + (4 - StrLen(Base64Text) mod 4), '=');
+ Result.ReadFrom(Base64Convert.FromBase64(Base64Text))
+ end;
+
 procedure GetLastErrorMessage(): Text
 begin
 exit(AuthFlow.LastErrorMessage());
diff --git a/src/System Application/App/OAuth2/app.json b/src/System Application/App/OAuth2/app.json
index 5452d847eb..091d11f220 100644
--- a/src/System Application/App/OAuth2/app.json
+++ b/src/System Application/App/OAuth2/app.json
@@ -34,6 +34,12 @@
 "name": "Environment Information",
 "publisher": "Microsoft",
 "version": "26.0.0.0"
+ },
+ {
+ "id": "0846d207-5dec-4c1b-afd8-6a25e1e14b9d",
+ "name": "Base64 Convert",
+ "publisher": "Microsoft",
+ "version": "26.0.0.0"
 }
 ],
 "screenshots": [],
@@ -51,4 +57,4 @@
 "includeSourceInSymbolFile": true
 },
 "target": "OnPrem"
-}
+}
\ No newline at end of file
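Review bot: The segment check `if PlainTextJWT.Split('.').Count() < 3 then` in OAuth2Impl.GetClaims accepts any token with three or more dot-separated parts, so a five-part JWE compact token passes and its second segment, which is not a claims set, is Base64-decoded and handed to `ReadFrom`; `if PlainTextJWT.Split('.').Count() <> 3 then` would limit the procedure to signed (JWS) tokens. The Boolean returned by `Result.ReadFrom(...)` is discarded, so a malformed payload presumably raises a runtime error while an empty or too-short token silently yields an empty object; `if not Result.ReadFrom(Base64Convert.FromBase64(Base64Text)) then Clear(Result);` would make the failure behaviour uniform, though a bad Base64 segment may still raise inside `FromBase64`. The procedure never reads the signature segment, so a comment such as `// Decodes the payload only; the signature is not verified.` above it would stop later callers from treating the result as authenticated.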