devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

fix: use raw base64 url decoding

Browse Source
This commit is contained in:
Lakhan Samani 2022-06-15 21:55:41 +05:30
parent 484d0c0882
commit ab18fa5832
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
server/handlers/oauth_callback.go
View File

@ -2,6 +2,7 @@ package handlers
import ( import (
"context" "context"
"encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
@ -17,7 +18,6 @@ import (
"github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/constants"
"github.com/authorizerdev/authorizer/server/cookie" "github.com/authorizerdev/authorizer/server/cookie"
"github.com/authorizerdev/authorizer/server/crypto"
"github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/db"
"github.com/authorizerdev/authorizer/server/db/models" "github.com/authorizerdev/authorizer/server/db/models"
"github.com/authorizerdev/authorizer/server/memorystore" "github.com/authorizerdev/authorizer/server/memorystore"
@ -456,12 +456,15 @@ func processLinkedInUserInfo(code string) (models.User, error) {
func processAppleUserInfo(code string) (models.User, error) { func processAppleUserInfo(code string) (models.User, error) {
user := models.User{} user := models.User{}
fmt.Println("=> code:", code)
oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(oauth2.NoContext, code) oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(oauth2.NoContext, code)
if err != nil { if err != nil {
log.Debug("Failed to exchange code for token: ", err) log.Debug("Failed to exchange code for token: ", err)
return user, fmt.Errorf("invalid apple exchange code: %s", err.Error()) return user, fmt.Errorf("invalid apple exchange code: %s", err.Error())
} }
fmt.Println("=> oauth2Token:", oauth2Token)
// Extract the ID Token from OAuth2 token. // Extract the ID Token from OAuth2 token.
rawIDToken, ok := oauth2Token.Extra("id_token").(string) rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok { if !ok {
@ -471,19 +474,23 @@ func processAppleUserInfo(code string) (models.User, error) {
tokenSplit := strings.Split(rawIDToken, ".") tokenSplit := strings.Split(rawIDToken, ".")
claimsData := tokenSplit[1] claimsData := tokenSplit[1]
decodedClaimsData, err := crypto.DecryptB64(claimsData) decodedClaimsData, err := base64.RawURLEncoding.DecodeString(claimsData)
if err != nil { if err != nil {
log.Debug("Failed to decrypt claims data: ", err) log.Debugf("Failed to decrypt claims %s: %s", claimsData, err.Error())
return user, fmt.Errorf("failed to decrypt claims data: %s", err.Error()) return user, fmt.Errorf("failed to decrypt claims data: %s", err.Error())
} }
fmt.Println("=> decodedClaimsData:", string(decodedClaimsData))
claims := make(map[string]interface{}) claims := make(map[string]interface{})
err = json.Unmarshal([]byte(decodedClaimsData), &claims) err = json.Unmarshal(decodedClaimsData, &claims)
if err != nil { if err != nil {
log.Debug("Failed to unmarshal claims data: ", err) log.Debug("Failed to unmarshal claims data: ", err)
return user, fmt.Errorf("failed to unmarshal claims data: %s", err.Error()) return user, fmt.Errorf("failed to unmarshal claims data: %s", err.Error())
} }
fmt.Println("=> claims:", claims)
if val, ok := claims["email"]; !ok { if val, ok := claims["email"]; !ok {
log.Debug("Failed to extract email from claims.") log.Debug("Failed to extract email from claims.")
return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes") return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes")