fix: remove access_token & id_token from query string

Lakhan Samani 2023-12-30 21:19:44 +05:30
parent ef2a590608
commit ade676f92c
2 changed files with 6 additions and 4 deletions


@ -59,7 +59,9 @@ export default function Root({
useEffect(() => {
if (token) {
let redirectURL = config.redirectURL || '/app';
let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
// let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
// Note: If OIDC breaks in the future, use the above params
let params = `state=${globalState.state}`;
if (code !== '') {
params += `&code=${code}`;
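Review bot: `globalState.state` and `code` are still interpolated into the redirect parameters without encoding, so a value containing `&`, `=` or `#` could add or override parameters on the redirect URL. That matters only if `state` can carry client-supplied characters, which this hunk does not show. Wrapping each value would close the gap, e.g. `encodeURIComponent(globalState.state)` and `encodeURIComponent(code)`. The same concatenation appears in the Go handler (`params := "state=" + stateValue + "&nonce=" + nonce`), where `url.QueryEscape` would do the same job once `net/url` is imported, if it is not already. The `useEffect` body continues outside the hunk.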


@ -7,7 +7,6 @@ import (
"fmt"
"io"
"net/http"
"strconv"
"strings"
"time"
@ -248,8 +247,9 @@ func OAuthCallbackHandler() gin.HandlerFunc {
expiresIn = 1
}
params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
// params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
// Note: If OIDC breaks in the future, use the above params
params := "state=" + stateValue + "&nonce=" + nonce
if code != "" {
params += "&code=" + code
}
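Review bot: The old token-bearing `params` line is kept as a comment next to "If OIDC breaks in the future, use the above params", which invites a later change to put `access_token` and `id_token` back into the redirect URL, where they land in browser history, Referer headers and server or proxy logs. I would delete the commented line here and in the `Root` component hunk and replace the note with the reason, e.g. `// Tokens are deliberately kept out of the redirect URL; clients exchange code for them.` Also, when `code` is empty the redirect now carries only `state` and `nonce`, so a client that relied on tokens in the redirect would receive nothing to exchange; whether such a flow is still supported is not visible here. `OAuthCallbackHandler` starts and ends outside the hunk.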