add additional arguments to on_authenticated lifecycle hook

helps with #413

Signed-off-by: Stefan Bodewig <[email protected]>

Author: bodewig

ChangeLog

@@ -1,3 +1,7 @@
+12/17/2021
+- added id_token and the token endpoint response as additional
+  arguments to the on_authenticated lifecycle hook; see #413
+
 11/19/2021
 - added opts.discovery_expires_in in order to make cache expiry of
   OpenID Connect Discovery responses configurable.

README.md

@@ -212,6 +212,7 @@ h2JHukolz9xf6qN61QMLSd83+kwoBr2drp6xg3eGDLIkQCQLrkY=
              --     `openidc_authorize` immediately prior to saving the session
              --  -- `on_authenticated` hook is invoked *after* receiving authorization response in
              --     `openidc_authorization_response` immediately prior to saving the session
+             --     Starting with lua-resty-openidc 1.7.5 this receives the decoded id_token as second and the response of the token endpoint as third argument      
              --  -- `on_regenerated` is invoked immediately after the
                      a new access token has been obtained via token
                      refresh and is called with the regenerated session table

lib/resty/openidc.lua

@@ -1188,7 +1188,7 @@ local function openidc_authorization_response(opts, session)
   end
 
   if opts.lifecycle and opts.lifecycle.on_authenticated then
-    err = opts.lifecycle.on_authenticated(session)
+    err = opts.lifecycle.on_authenticated(session, id_token, json)
     if err then
       log(WARN, "failed in `on_authenticated` handler: " .. err)
       return nil, err, session.data.original_url, session