Merge branch 'development' into 'master'

OIDC + màj NodeJS See merge request !18

Merge branch 'development' into 'master'
OIDC + màj NodeJS See merge request !18
0ec57177 · Sébastien DA ROCHA · 8c1d6d6d · b1ab9d2d · 0ec57177 · 0ec57177
Commit 0ec57177 authored May 13, 2022 by Sébastien DA ROCHA
--- a/.eslintrc.js
+++ b/.eslintrc.js
+module.exports = {
+  root: true,
+  parser: '@typescript-eslint/parser',
+  plugins: [
+    '@typescript-eslint',
+  ],
+  extends: [
+    'eslint:recommended',
+    'plugin:@typescript-eslint/recommended',
+  ],
+};
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,6 @@ node_modules

 /dist

-.vscode
\ No newline at end of file
+.vscode
+
+*.sw[op]
--- a/Dockerfile
+++ b/Dockerfile
-FROM node:12.13-slim
+FROM node:14-slim

 # Create app directory
 WORKDIR /app

--- a/Pipfile
+++ b/Pipfile
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+pyjwt = {extras = ["crypto"], version = "*"}
+pytest = "*"
+requests = "*"
+python-decouple = "*"
+redis = "*"
+
+[requires]
+python_version = "3.7"
--- a/Pipfile.lock
+++ b/Pipfile.lock
+{
+    "_meta": {
+        "hash": {
+            "sha256": "6c97d8906b08922c556655e546bd5c48ecab2dc0c9ff56700f39cbfa3709e577"
+        },
+        "pipfile-spec": 6,
+        "requires": {
+            "python_version": "3.7"
+        },
+        "sources": [
+            {
+                "name": "pypi",
+                "url": "https://pypi.org/simple",
+                "verify_ssl": true
+            }
+        ]
+    },
+    "default": {
+        "attrs": {
+            "hashes": [
+                "sha256:149e90d6d8ac20db7a955ad60cf0e6881a3f20d37096140088356da6c716b0b1",
+                "sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
+            "version": "==21.2.0"
+        },
+        "certifi": {
+            "hashes": [
+                "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c",
+                "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830"
+            ],
+            "version": "==2020.12.5"
+        },
+        "cffi": {
+            "hashes": [
+                "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c",
+                "sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed",
+                "sha256:72d8d3ef52c208ee1c7b2e341f7d71c6fd3157138abf1a95166e6165dd5d4369",
+                "sha256:8ae6299f6c68de06f136f1f9e69458eae58f1dacf10af5c17353eae03aa0d827",
+                "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1",
+                "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991",
+                "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53",
+                "sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f",
+                "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d",
+                "sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69",
+                "sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058",
+                "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c",
+                "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e",
+                "sha256:a465da611f6fa124963b91bf432d960a555563efe4ed1cc403ba5077b15370aa",
+                "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315",
+                "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e",
+                "sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05",
+                "sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373",
+                "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813",
+                "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea",
+                "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406",
+                "sha256:51182f8927c5af975fece87b1b369f722c570fe169f9880764b1ee3bca8347b5",
+                "sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc",
+                "sha256:8b198cec6c72df5289c05b05b8b0969819783f9418e0409865dac47288d2a053",
+                "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73",
+                "sha256:9ff227395193126d82e60319a673a037d5de84633f11279e336f9c0f189ecc62",
+                "sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76",
+                "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1",
+                "sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0",
+                "sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7",
+                "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482",
+                "sha256:9e93e79c2551ff263400e1e4be085a1210e12073a31c2011dbbda14bda0c6132",
+                "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892",
+                "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6",
+                "sha256:9cf8022fb8d07a97c178b02327b284521c7708d7c71a9c9c355c178ac4bbd3d4",
+                "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee",
+                "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3",
+                "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5",
+                "sha256:ad17025d226ee5beec591b52800c11680fca3df50b8b29fe51d882576e039ee0",
+                "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49",
+                "sha256:9de2e279153a443c656f2defd67769e6d1e4163952b3c622dcea5b08a6405322",
+                "sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333",
+                "sha256:afb29c1ba2e5a3736f1c301d9d0abe3ec8b86957d04ddfa9d7a6a42b9367e396",
+                "sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55",
+                "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045",
+                "sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f",
+                "sha256:99cd03ae7988a93dd00bcd9d0b75e1f6c426063d6f03d2f90b89e29b25b82dfa",
+                "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06",
+                "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396"
+            ],
+            "version": "==1.14.5"
+        },
+        "chardet": {
+            "hashes": [
+                "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa",
+                "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
+            "version": "==4.0.0"
+        },
+        "cryptography": {
+            "hashes": [
+                "sha256:0f1212a66329c80d68aeeb39b8a16d54ef57071bf22ff4e521657b27372e327d",
+                "sha256:1e056c28420c072c5e3cb36e2b23ee55e260cb04eee08f702e0edfec3fb51959",
+                "sha256:240f5c21aef0b73f40bb9f78d2caff73186700bf1bc6b94285699aff98cc16c6",
+                "sha256:26965837447f9c82f1855e0bc8bc4fb910240b6e0d16a664bb722df3b5b06873",
+                "sha256:37340614f8a5d2fb9aeea67fd159bfe4f5f4ed535b1090ce8ec428b2f15a11f2",
+                "sha256:3d10de8116d25649631977cb37da6cbdd2d6fa0e0281d014a5b7d337255ca713",
+                "sha256:3d8427734c781ea5f1b41d6589c293089704d4759e34597dce91014ac125aad1",
+                "sha256:7ec5d3b029f5fa2b179325908b9cd93db28ab7b85bb6c1db56b10e0b54235177",
+                "sha256:8e56e16617872b0957d1c9742a3f94b43533447fd78321514abbe7db216aa250",
+                "sha256:de4e5f7f68220d92b7637fc99847475b59154b7a1b3868fb7385337af54ac9ca",
+                "sha256:eb8cc2afe8b05acbd84a43905832ec78e7b3873fb124ca190f574dca7389a87d",
+                "sha256:ee77aa129f481be46f8d92a1a7db57269a2f23052d5f2433b4621bb457081cc9"
+            ],
+            "version": "==3.4.7"
+        },
+        "idna": {
+            "hashes": [
+                "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6",
+                "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==2.10"
+        },
+        "importlib-metadata": {
+            "hashes": [
+                "sha256:057e92c15bc8d9e8109738a48db0ccb31b4d9d5cfbee5a8670879a30be66304b",
+                "sha256:b7e52a1f8dec14a75ea73e0891f3060099ca1d8e6a462a4dff11c3e119ea1b31"
+            ],
+            "markers": "python_version < '3.8'",
+            "version": "==4.2.0"
+        },
+        "iniconfig": {
+            "hashes": [
+                "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3",
+                "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32"
+            ],
+            "version": "==1.1.1"
+        },
+        "packaging": {
+            "hashes": [
+                "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5",
+                "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==20.9"
+        },
+        "pluggy": {
+            "hashes": [
+                "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0",
+                "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==0.13.1"
+        },
+        "py": {
+            "hashes": [
+                "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3",
+                "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==1.10.0"
+        },
+        "pycparser": {
+            "hashes": [
+                "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0",
+                "sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==2.20"
+        },
+        "pyjwt": {
+            "extras": [
+                "crypto"
+            ],
+            "hashes": [
+                "sha256:934d73fbba91b0483d3857d1aff50e96b2a892384ee2c17417ed3203f173fca1",
+                "sha256:fba44e7898bbca160a2b2b501f492824fc8382485d3a6f11ba5d0c1937ce6130"
+            ],
+            "index": "pypi",
+            "version": "==2.1.0"
+        },
+        "pyparsing": {
+            "hashes": [
+                "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1",
+                "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"
+            ],
+            "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==2.4.7"
+        },
+        "pytest": {
+            "hashes": [
+                "sha256:50bcad0a0b9c5a72c8e4e7c9855a3ad496ca6a881a3641b4260605450772c54b",
+                "sha256:91ef2131a9bd6be8f76f1f08eac5c5317221d6ad1e143ae03894b862e8976890"
+            ],
+            "index": "pypi",
+            "version": "==6.2.4"
+        },
+        "python-decouple": {
+            "hashes": [
+                "sha256:2e5adb0263a4f963b58d7407c4760a2465d464ee212d733e2a2c179e54c08d8f",
+                "sha256:a8268466e6389a639a20deab9d880faee186eb1eb6a05e54375bdf158d691981"
+            ],
+            "index": "pypi",
+            "version": "==3.4"
+        },
+        "redis": {
+            "hashes": [
+                "sha256:0e7e0cfca8660dea8b7d5cd8c4f6c5e29e11f31158c0b0ae91a397f00e5a05a2",
+                "sha256:432b788c4530cfe16d8d943a09d40ca6c16149727e4afe8c2c9d5580c59d9f24"
+            ],
+            "index": "pypi",
+            "version": "==3.5.3"
+        },
+        "requests": {
+            "hashes": [
+                "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804",
+                "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e"
+            ],
+            "index": "pypi",
+            "version": "==2.25.1"
+        },
+        "toml": {
+            "hashes": [
+                "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b",
+                "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"
+            ],
+            "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==0.10.2"
+        },
+        "typing-extensions": {
+            "hashes": [
+                "sha256:0ac0f89795dd19de6b97debb0c6af1c70987fd80a2d62d1958f7e56fcc31b497",
+                "sha256:50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342",
+                "sha256:779383f6086d90c99ae41cf0ff39aac8a7937a9283ce0a414e5dd782f4c94a84"
+            ],
+            "markers": "python_version < '3.8'",
+            "version": "==3.10.0.0"
+        },
+        "urllib3": {
+            "hashes": [
+                "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c",
+                "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
+            "version": "==1.26.5"
+        },
+        "zipp": {
+            "hashes": [
+                "sha256:3607921face881ba3e026887d8150cca609d517579abe052ac81fc5aeffdbd76",
+                "sha256:51cb66cc54621609dd593d1787f286ee42a5c0adbb4b29abea5a63edc3e03098"
+            ],
+            "markers": "python_version >= '3.6'",
+            "version": "==3.4.1"
+        }
+    },
+    "develop": {}
+}
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -23,7 +23,7 @@
    "@godaddy/terminus": "^4.1.2",
    "@nestjs/common": "^5.1.0",
    "@nestjs/core": "^5.1.0",
-    "@nestjs/swagger": "^3.0.2",
+    "@nestjs/swagger": "^3.1.0",
    "@nestjs/terminus": "^5.6.0",
    "class-transformer": "^0.2.0",
    "class-validator": "^0.9.1",
@@ -39,7 +39,7 @@
    "request-promise-native": "^1.0.5",
    "rxjs": "^6.2.2",
    "serve-favicon": "^2.5.0",
-    "swagger-ui-express": "^4.0.2",
+    "swagger-ui-express": "^4.1.4",
    "typescript": "^3.0.1",
    "uuid": "^3.3.2"
  },
@@ -77,4 +77,4 @@
    "coverageDirectory": "../coverage",
    "testEnvironment": "node"
  }
-}
\ No newline at end of file
+}
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -22,6 +22,7 @@ export class AppModule {
      .apply(VerifyXsrfTokenAndDecodeJWTPayloadMiddleware).forRoutes(
        { path: 'user', method: RequestMethod.GET },
        { path: 'user', method: RequestMethod.DELETE },
+        { path: 'user/createOidcAccount', method: RequestMethod.POST },
        { path: 'user/resources', method: RequestMethod.GET },
        { path: 'user/resources/add', method: RequestMethod.POST },
        { path: 'user/resources/renew', method: RequestMethod.POST },

--- a/src/configuration/config.service.ts
+++ b/src/configuration/config.service.ts
@@ -9,6 +9,7 @@ export class ConfigService {
  constructor() {
    dotenv.config();
    this._config.legacyAuthServiceUrl = process.env.LEGACY_AUTH_SERVICE_URL;
+    this._config.legacyAuthOidcUrl = process.env.LEGACY_AUTH_OIDC_URL;
    this._config.adminPassword = process.env.ADMIN_PASSWORD;
    this._config.adminUsername = process.env.ADMIN_USERNAME;
    this._config.serviceEmailUrl = process.env.SERVICE_EMAIL_URL;
@@ -44,7 +45,7 @@ export class ConfigService {

  async initilizePublicPrivateKeys() {
    try {
-      const redis = new Redis(this.config.redis.sentinelPort, this.config.redis.sentinelHost, this.config.redis.groupName);
+      const redis = new Redis(this.config.redis);
      let keys: any = await redis.getValueByKey('encryptionKeys');

      if (keys) {
@@ -68,4 +69,4 @@ export class ConfigService {
      throw new InternalServerErrorException('Failed to initialize Public/Private keys');
    }
  }
-}
\ No newline at end of file
+}
--- a/src/configuration/config.ts
+++ b/src/configuration/config.ts
+
+export interface RedisCfg{  
+  sentinel:boolean, // config simple ou sentinel
+  sentinelPort: number,
+  sentinelHost: string,
+  groupName: string,
+  ttl:number
+}
+
+
+
 export const Config = {
  legacyAuthServiceUrl: '',
+  legacyAuthOidcUrl: '',
  adminUsername: '',
  adminPassword: '',
  serviceEmailUrl: '',
@@ -14,11 +26,13 @@ export const Config = {
  },
  resetPasswordSessionTtl: 86400, // 24 hours
  redis: {
+    sentinel:true, //false in dev with simple redis server
    sentinelPort: null,
    sentinelHost: '',
    groupName: '',
+    ttl: 3600, // in seconds
  },
  imageHost: '',
  apiKey: '',
  accessTokenCookieKey: '',
-};
\ No newline at end of file
+};
--- a/src/helpers/redis.helper.ts
+++ b/src/helpers/redis.helper.ts
 import { InternalServerErrorException, Logger } from '@nestjs/common';
 import { handleError } from '../legacy/errorHandlingHelper';
 import * as IORedis from 'ioredis';
+import { RedisCfg } from 'configuration/config';

 export class Redis {

  constructor(
-    private redisSentinelPort: number,
-    private redisSentinelHost: string,
-    private redisGroupName: string,
+    private redisConfig: RedisCfg
  ) { }

  connect() {
    Logger.log(`Entering function`, `Redis.connect`);
-    const client = new IORedis({
-      sentinels: [
-        { host: this.redisSentinelHost, port: this.redisSentinelPort },
-      ],
-      name: this.redisGroupName,
-    });
+    let cfg:any={
+        host: this.redisConfig.sentinelHost, port: this.redisConfig.sentinelPort ,
+        name: this.redisConfig.groupName,
+    };
+    if(this.redisConfig.sentinel){
+      cfg={
+          sentinels: [
+            { host: this.redisConfig.sentinelHost, port: this.redisConfig.sentinelPort },
+          ],
+          name: this.redisConfig.groupName,
+      };
+    }
+
+    const client = new IORedis(cfg);

    client.on('error', (error) => {
      Logger.error('Redis client error.', `${error}`, `Redis.connect`);

--- a/src/legacy/legacy.controller.ts
+++ b/src/legacy/legacy.controller.ts
 import {
  Controller, Post, Body, HttpException, InternalServerErrorException,
-  HttpCode, Get, Req, Delete, Put, Query
+  HttpCode, Get, Req, Delete, Put, Query, Res, HttpStatus, Param,
 } from '@nestjs/common';
 import { LegacyService } from './legacy.service';
+import { LegacyServiceOIDC } from './legacy.service.oidc';
 import { ApiOperation, ApiResponse, ApiUseTags, ApiImplicitHeader, ApiImplicitBody } from '@nestjs/swagger';
 import {
  LoginForm, UserCreationForm, UserInfoWithEcryptedPassword, JWTToken, Service, Resource, RestrictedAccessDataset,
  AccessRequest, UpdatePasswordForm, UserUpdateForm, UserInfo, AccessDeletionResponse,
-  AccessRequestResponse, AccessRenewalResponse, UserAccountValidationRequest, PasswordResetForm, PasswordForgottenForm
+  AccessRequestResponse, AccessRenewalResponse, UserAccountValidationRequest, PasswordResetForm, PasswordForgottenForm,
 } from './legacy.model';
 import { handleError } from './errorHandlingHelper';
+import { TokenService } from './token.service';

 @ApiUseTags('legacy')
 @Controller()
@@ -17,6 +19,8 @@ export class LegacyController {

  constructor(
    private legacyService: LegacyService,
+    private legacyServiceOidc: LegacyServiceOIDC,
+    private tokenService: TokenService,
  ) { }

  @Get('user')
@@ -78,6 +82,32 @@ export class LegacyController {
    }
  }

+  @Post('user/createOidcAccount')
+  @ApiImplicitHeader({
+    name: 'Cookie',
+    description: 'The JWT token containing user information',
+  })
+  @ApiImplicitHeader({
+    name: 'X-Xsrf-Token',
+    description: 'Cross Site reference token contained in the JWT token',
+  })
+  @ApiOperation({ title: 'Create the user specified in the OIDC JWT token if he doesn\'t exists. Return silently if the user exsist' })
+  @ApiResponse({ status: 200, description: 'User created' })
+  @ApiResponse({ status: 400, description: 'Bad Request (Invalid token, Missing token )' })
+  @ApiResponse({ status: 500, description: 'Internal error' })
+  @HttpCode(201)
+  async createOidcAccount(@Req() req) {
+    try {
+      return await this.legacyServiceOidc.createAccount(req.headers.token);
+    } catch (error) {
+      if (error instanceof HttpException) {
+        throw error;
+      } else {
+        throw new InternalServerErrorException();
+      }
+    }
+  }
+
  @Post('user/login')
  @ApiOperation({ title: 'Check if the user exist and returns its information with the encrypted password.' })
  @ApiResponse({ status: 200, description: 'Success, returns user info', type: UserInfoWithEcryptedPassword })
@@ -217,6 +247,14 @@ export class LegacyController {

  @Get('user/resources')
  @ApiOperation({ title: 'Get the list of accessible resources by the specified user.' })
+  @ApiImplicitHeader({
+    name: 'Cookie',
+    description: 'The JWT token containing user information',
+  })
+  @ApiImplicitHeader({
+    name: 'X-Xsrf-Token',
+    description: 'Cross Site reference token contained in the JWT token',
+  })
  @ApiImplicitHeader({
    name: 'Cookie',
    description: 'The JWT token is sent by the browser as a cookie (refer to the config of the Authentication project to know which key is used)',
@@ -228,7 +266,12 @@ export class LegacyController {
  async getUserResources(@Req() req): Promise<Resource[]> {
    const token: JWTToken = req.headers.token;
    try {
-      const userServices = await this.legacyService.getUserResources(token.username, token.authzKey);
+      let userServices;
+      if (token.authzKey == null) { // is OIDC token
+        userServices = await this.legacyServiceOidc.getUserResources(token);
+      } else {
+        userServices = await this.legacyService.getUserResources(token);
+      }
      return userServices;
    } catch (error) {
      if (error instanceof HttpException) {
@@ -254,7 +297,12 @@ export class LegacyController {
  async addUserResource(@Req() req, @Body() body) {
    const token: JWTToken = req.headers.token;
    try {
-      return await this.legacyService.addUserResource(token, body);
+      if (token.authzKey == null) { // is OIDC token
+        const access_token = await this.tokenService.getAccessToken(token)
+        return await this.legacyServiceOidc.addUserResource(token, body, access_token);
+      } else {
+        return await this.legacyService.addUserResource(token, body);
+      }
    } catch (error) {
      if (error instanceof HttpException) {
        throw error;
@@ -266,6 +314,14 @@ export class LegacyController {

  @Post('user/resources/renew')
  @ApiOperation({ title: 'Renew access to a restricted access dataset for an existing user.' })
+  @ApiImplicitHeader({
+    name: 'Cookie',
+    description: 'The JWT token containing user information',
+  })
+  @ApiImplicitHeader({
+    name: 'X-Xsrf-Token',
+    description: 'Cross Site reference token contained in the JWT token',
+  })
  @ApiImplicitHeader({
    name: 'Cookie',
    description: 'The JWT token is sent by the browser as a cookie (refer to the config of the Authentication project to know which key is used)',
@@ -279,7 +335,11 @@ export class LegacyController {
  async renewUserResource(@Req() req, @Body() body: AccessRequest[]) {
    const token: JWTToken = req.headers.token;
    try {
-      return await this.legacyService.renewUserResource(token, body);
+      if (token.authzKey == null) { // is OIDC token
+        return await this.legacyServiceOidc.renewUserResource(token, body);
+      } else {
+        return await this.legacyService.renewUserResource(token, body);
+      }
    } catch (error) {
      if (error instanceof HttpException) {
        throw error;
@@ -302,7 +362,12 @@ export class LegacyController {
  async deleteUserResource(@Req() req, @Body() body) {
    const token: JWTToken = req.headers.token;
    try {
-      return await this.legacyService.deleteUserResource(token, body);
+      
+      if (token.authzKey == null) { // is OIDC token
+        return await this.legacyServiceOidc.deleteUserResource(token, body);
+      } else {
+        return await this.legacyService.deleteUserResource(token, body);
+      }
    } catch (error) {
      if (error instanceof HttpException) {
        throw error;

--- a/src/legacy/legacy.module.ts
+++ b/src/legacy/legacy.module.ts
 import { Module } from '@nestjs/common';
 import { LegacyService } from './legacy.service';
+import { LegacyServiceOIDC } from './legacy.service.oidc';
 import { LegacyController } from './legacy.controller';
+import { TokenService } from './token.service';

 @Module({
-  providers: [LegacyService],
+  providers: [LegacyService, LegacyServiceOIDC,TokenService],
  controllers: [LegacyController],
 })
 export class LegacyModule {}
--- a/src/legacy/legacy.service.oidc.ts
+++ b/src/legacy/legacy.service.oidc.ts
+import {
+  Injectable, HttpException, BadRequestException, HttpStatus,
+  InternalServerErrorException, UnauthorizedException,
+} from '@nestjs/common';
+import {
+  LoginForm, UserInfoWithEcryptedPassword, UserCreationForm, Service, JWTToken, Resource, RestrictedAccessDataset,
+  AccessRequest, UpdatePasswordForm, UserUpdateForm, UserInfo, LegacyUserUpdateForm, LegacyUserCreationForm,
+  AccessDeletionResponse, AccessRequestResponse, AccessRenewalResponse, PasswordResetForm, PasswordForgottenForm, Email,
+} from './legacy.model';