feat(OAuth): add 'iss' parameter to OAuth exchange methods for improved provider handling

2026-05-15 14:58:38 +02:00
parent 52f2d52916
commit e179dc714b
4 changed files with 25 additions and 10 deletions
--- a/backend/controllers/authController.js
+++ b/backend/controllers/authController.js
@@ -72,9 +72,9 @@ class AuthController {
    }
    async oauthExchange(req, res) {
-        const { code, state } = req.body;
+        const { code, state, iss } = req.body;
        try {
-            const result = await oauthService.exchangeOAuthLogin({ code, state });
+            const result = await oauthService.exchangeOAuthLogin({ code, state, iss });
            res.status(200).json(result);
        } catch (error) {
            const knownErrors = new Set([
@@ -128,7 +128,7 @@ class AuthController {
    async oauthUserExchange(req, res) {
        const hashedUserId = req.headers.userid || req.query.userid;
-        const { code, state } = req.body;
+        const { code, state, iss } = req.body;
        try {
            const User = (await import('../models/community/user.js')).default;
            const user = await User.findOne({ where: { hashedId: hashedUserId } });
@@ -139,7 +139,8 @@ class AuthController {
            const result = await oauthService.exchangeOAuthLoginForUser({
                userId: user.id,
                code,
-                state
+                state,
                iss
            });
            res.status(200).json(result);
        } catch (error) {
--- a/backend/services/oauthService.js
+++ b/backend/services/oauthService.js
@@ -361,7 +361,7 @@ export const startOAuthLogin = async ({ providerSlug }) => {
    });
 };
-export const exchangeOAuthLogin = async ({ code, state }) => {
+export const exchangeOAuthLogin = async ({ code, state, iss }) => {
    if (!code || !state) {
        throw new Error('oauthcodemissing');
    }
@@ -380,6 +380,9 @@ export const exchangeOAuthLogin = async ({ code, state }) => {
    const callbackUrl = new URL(stateData.redirectUri);
    callbackUrl.searchParams.set('code', code);
    callbackUrl.searchParams.set('state', state);
    if (iss) {
        callbackUrl.searchParams.set('iss', iss);
    }
    const tokens = await oidc.authorizationCodeGrant(configuration, callbackUrl, {
        pkceCodeVerifier: stateData.codeVerifier,
@@ -494,7 +497,7 @@ export const startOAuthLoginForUser = async ({ userId, providerSlug }) => {
    });
 };
-export const exchangeOAuthLoginForUser = async ({ userId, code, state }) => {
+export const exchangeOAuthLoginForUser = async ({ userId, code, state, iss }) => {
    if (!code || !state) {
        throw new Error('oauthcodemissing');
    }
@@ -517,6 +520,9 @@ export const exchangeOAuthLoginForUser = async ({ userId, code, state }) => {
    const callbackUrl = new URL(stateData.redirectUri);
    callbackUrl.searchParams.set('code', code);
    callbackUrl.searchParams.set('state', state);
    if (iss) {
        callbackUrl.searchParams.set('iss', iss);
    }
    const tokens = await oidc.authorizationCodeGrant(configuration, callbackUrl, {
        pkceCodeVerifier: stateData.codeVerifier,
--- a/frontend/src/views/auth/OAuthCallbackView.vue
+++ b/frontend/src/views/auth/OAuthCallbackView.vue
@@ -24,7 +24,7 @@ export default {
    methods: {
        ...mapActions(['login']),
        async finishLogin() {
-            const { code, state, error, error_description: errorDescription } = this.$route.query;
+            const { code, state, iss, error, error_description: errorDescription } = this.$route.query;
            if (error) {
                this.hasError = true;
@@ -39,7 +39,11 @@ export default {
            }
            try {
-                const response = await apiClient.post('/api/auth/oauth/exchange', { code, state });
+                const payload = { code, state };
                if (iss) {
                    payload.iss = iss;
                }
                const response = await apiClient.post('/api/auth/oauth/exchange', payload);
                await this.login({ user: response.data, rememberMe: true });
                await this.$router.replace('/settings/personal');
            } catch (loginError) {
--- a/frontend/src/views/auth/OAuthUserCallbackView.vue
+++ b/frontend/src/views/auth/OAuthUserCallbackView.vue
@@ -25,7 +25,7 @@ export default {
    },
    methods: {
        async finishLinking() {
-            const { code, state, error, error_description: errorDescription } = this.$route.query;
+            const { code, state, iss, error, error_description: errorDescription } = this.$route.query;
            if (error) {
                this.hasError = true;
@@ -43,7 +43,11 @@ export default {
            try {
                this.statusText = 'Authentifizierung wird mit deinem Konto verknüpft...';
-                const response = await apiClient.post('/api/auth/oauth/user/exchange', { code, state });
+                const payload = { code, state };
                if (iss) {
                    payload.iss = iss;
                }
                const response = await apiClient.post('/api/auth/oauth/user/exchange', payload);
                this.message = 'Erfolgreich verknüpft!';
                this.statusText = `${response.data.identity.displayName} wurde erfolgreich hinzugefügt. Du kannst diese Seite jetzt schließen oder zur Sicherheitsseite zurückkehren.`;