feat(OAuth): add 'iss' parameter to OAuth exchange methods for improved provider handling
All checks were successful
Deploy to production / deploy (push) Successful in 1m57s
All checks were successful
Deploy to production / deploy (push) Successful in 1m57s
This commit is contained in:
Torsten Schulz (local)
@@ -72,9 +72,9 @@ class AuthController {
|
||||
}
|
||||
|
||||
async oauthExchange(req, res) {
|
||||
const { code, state } = req.body;
|
||||
const { code, state, iss } = req.body;
|
||||
try {
|
||||
const result = await oauthService.exchangeOAuthLogin({ code, state });
|
||||
const result = await oauthService.exchangeOAuthLogin({ code, state, iss });
|
||||
res.status(200).json(result);
|
||||
} catch (error) {
|
||||
const knownErrors = new Set([
|
||||
@@ -128,7 +128,7 @@ class AuthController {
|
||||
|
||||
async oauthUserExchange(req, res) {
|
||||
const hashedUserId = req.headers.userid || req.query.userid;
|
||||
const { code, state } = req.body;
|
||||
const { code, state, iss } = req.body;
|
||||
try {
|
||||
const User = (await import('../models/community/user.js')).default;
|
||||
const user = await User.findOne({ where: { hashedId: hashedUserId } });
|
||||
@@ -139,7 +139,8 @@ class AuthController {
|
||||
const result = await oauthService.exchangeOAuthLoginForUser({
|
||||
userId: user.id,
|
||||
code,
|
||||
state
|
||||
state,
|
||||
iss
|
||||
});
|
||||
res.status(200).json(result);
|
||||
} catch (error) {
|
||||
|
||||
@@ -361,7 +361,7 @@ export const startOAuthLogin = async ({ providerSlug }) => {
|
||||
});
|
||||
};
|
||||
|
||||
export const exchangeOAuthLogin = async ({ code, state }) => {
|
||||
export const exchangeOAuthLogin = async ({ code, state, iss }) => {
|
||||
if (!code || !state) {
|
||||
throw new Error('oauthcodemissing');
|
||||
}
|
||||
@@ -380,6 +380,9 @@ export const exchangeOAuthLogin = async ({ code, state }) => {
|
||||
const callbackUrl = new URL(stateData.redirectUri);
|
||||
callbackUrl.searchParams.set('code', code);
|
||||
callbackUrl.searchParams.set('state', state);
|
||||
if (iss) {
|
||||
callbackUrl.searchParams.set('iss', iss);
|
||||
}
|
||||
|
||||
const tokens = await oidc.authorizationCodeGrant(configuration, callbackUrl, {
|
||||
pkceCodeVerifier: stateData.codeVerifier,
|
||||
@@ -494,7 +497,7 @@ export const startOAuthLoginForUser = async ({ userId, providerSlug }) => {
|
||||
});
|
||||
};
|
||||
|
||||
export const exchangeOAuthLoginForUser = async ({ userId, code, state }) => {
|
||||
export const exchangeOAuthLoginForUser = async ({ userId, code, state, iss }) => {
|
||||
if (!code || !state) {
|
||||
throw new Error('oauthcodemissing');
|
||||
}
|
||||
@@ -517,6 +520,9 @@ export const exchangeOAuthLoginForUser = async ({ userId, code, state }) => {
|
||||
const callbackUrl = new URL(stateData.redirectUri);
|
||||
callbackUrl.searchParams.set('code', code);
|
||||
callbackUrl.searchParams.set('state', state);
|
||||
if (iss) {
|
||||
callbackUrl.searchParams.set('iss', iss);
|
||||
}
|
||||
|
||||
const tokens = await oidc.authorizationCodeGrant(configuration, callbackUrl, {
|
||||
pkceCodeVerifier: stateData.codeVerifier,
|
||||
|
||||
@@ -24,7 +24,7 @@ export default {
|
||||
methods: {
|
||||
...mapActions(['login']),
|
||||
async finishLogin() {
|
||||
const { code, state, error, error_description: errorDescription } = this.$route.query;
|
||||
const { code, state, iss, error, error_description: errorDescription } = this.$route.query;
|
||||
|
||||
if (error) {
|
||||
this.hasError = true;
|
||||
@@ -39,7 +39,11 @@ export default {
|
||||
}
|
||||
|
||||
try {
|
||||
const response = await apiClient.post('/api/auth/oauth/exchange', { code, state });
|
||||
const payload = { code, state };
|
||||
if (iss) {
|
||||
payload.iss = iss;
|
||||
}
|
||||
const response = await apiClient.post('/api/auth/oauth/exchange', payload);
|
||||
await this.login({ user: response.data, rememberMe: true });
|
||||
await this.$router.replace('/settings/personal');
|
||||
} catch (loginError) {
|
||||
|
||||
@@ -25,7 +25,7 @@ export default {
|
||||
},
|
||||
methods: {
|
||||
async finishLinking() {
|
||||
const { code, state, error, error_description: errorDescription } = this.$route.query;
|
||||
const { code, state, iss, error, error_description: errorDescription } = this.$route.query;
|
||||
|
||||
if (error) {
|
||||
this.hasError = true;
|
||||
@@ -43,7 +43,11 @@ export default {
|
||||
|
||||
try {
|
||||
this.statusText = 'Authentifizierung wird mit deinem Konto verknüpft...';
|
||||
const response = await apiClient.post('/api/auth/oauth/user/exchange', { code, state });
|
||||
const payload = { code, state };
|
||||
if (iss) {
|
||||
payload.iss = iss;
|
||||
}
|
||||
const response = await apiClient.post('/api/auth/oauth/user/exchange', payload);
|
||||
|
||||
this.message = 'Erfolgreich verknüpft!';
|
||||
this.statusText = `${response.data.identity.displayName} wurde erfolgreich hinzugefügt. Du kannst diese Seite jetzt schließen oder zur Sicherheitsseite zurückkehren.`;
|
||||
|
||||
Reference in New Issue
Block a user