fix(server): creepy @@ string split logic for auth_token
This commit is contained in:
Lakhan Samani
@@ -16,7 +16,7 @@ jargons
|
||||
login resolver has optional param state
|
||||
-if state found in store, split with @@
|
||||
- if len > 1 -> response type is code and has code + challenge
|
||||
- set `nonce@@code` for createAuthToken request so that `c_hash` can be generated
|
||||
- set `nonce, code` for createAuthToken request so that `c_hash` can be generated
|
||||
- do not add `nonce` to id_token in code flow, instead set `c_hash` and `at_hash`
|
||||
|
||||
|
||||
@@ -26,8 +26,8 @@ jargons
|
||||
- add &nonce to login redirect url
|
||||
login resolver has optional param state
|
||||
- if state found in store, split with @@
|
||||
- if len < 1 -> response type is token / id_token and has nonce
|
||||
- send received nonce for createAuthToken
|
||||
- if len < 1 -> response type is token / id_token and value is nonce
|
||||
- send received nonce for createAuthToken with empty code value
|
||||
- set `nonce` and `at_hash` in `id_token`
|
||||
**/
|
||||
|
||||
@@ -277,7 +277,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
if responseType == constants.ResponseTypeToken || responseType == constants.ResponseTypeIDToken {
|
||||
hostname := parsers.GetHost(gc)
|
||||
// rollover the session for security
|
||||
authToken, err := token.CreateAuthToken(gc, user, claims.Roles, scope, claims.LoginMethod, nonce)
|
||||
authToken, err := token.CreateAuthToken(gc, user, claims.Roles, scope, claims.LoginMethod, nonce, "")
|
||||
if err != nil {
|
||||
log.Debug("CreateAuthToken failed: ", err)
|
||||
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
|
||||
|
||||
@@ -197,8 +197,11 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
// TODO
|
||||
// use stateValue to get code / nonce
|
||||
// add code / nonce to id_token
|
||||
nonce := uuid.New().String()
|
||||
authToken, err := token.CreateAuthToken(ctx, user, inputRoles, scopes, provider, nonce)
|
||||
authToken, err := token.CreateAuthToken(ctx, user, inputRoles, scopes, provider, nonce, "")
|
||||
if err != nil {
|
||||
log.Debug("Failed to create auth token: ", err)
|
||||
ctx.JSON(500, gin.H{"error": err.Error()})
|
||||
|
||||
@@ -246,7 +246,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||
fmt.Println("=> code", code)
|
||||
fmt.Println("=> nonce", nonce)
|
||||
|
||||
authToken, err := token.CreateAuthToken(gc, user, roles, scope, loginMethod, nonce)
|
||||
authToken, err := token.CreateAuthToken(gc, user, roles, scope, loginMethod, nonce, code)
|
||||
if err != nil {
|
||||
log.Debug("Error creating auth token: ", err)
|
||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||
|
||||
@@ -101,7 +101,7 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||
}
|
||||
|
||||
nonce := uuid.New().String()
|
||||
authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod, nonce)
|
||||
authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod, nonce, "")
|
||||
if err != nil {
|
||||
log.Debug("Error creating auth token: ", err)
|
||||
errorRes["error_description"] = err.Error()
|
||||
|
||||
Reference in New Issue
Block a user