From ade676f92cc95b7ac1fa429f66a9666abe1ef3c6 Mon Sep 17 00:00:00 2001
From: Lakhan Samani
Date: Sat, 30 Dec 2023 21:19:44 +0530
Subject: [PATCH] fix: remove access_token & id_token from query string
---
 app/src/Root.tsx | 4 +++-
 server/handlers/oauth_callback.go | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/app/src/Root.tsx b/app/src/Root.tsx
index 61dd2a8..11e4254 100644
--- a/app/src/Root.tsx
+++ b/app/src/Root.tsx
@@ -59,7 +59,9 @@ export default function Root({
 useEffect(() => {
 if (token) {
 let redirectURL = config.redirectURL || '/app';
- let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
+ // let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
+ // Note: If OIDC breaks in the future, use the above params
+ let params = `state=${globalState.state}`;
 if (code !== '') {
 params += `&code=${code}`;
diff --git a/server/handlers/oauth_callback.go b/server/handlers/oauth_callback.go
index fdc0466..4a4e529 100644
--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@@ -7,7 +7,6 @@ import (
 "fmt"
 "io"
 "net/http"
- "strconv"
 "strings"
 "time"
@@ -248,8 +247,9 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 expiresIn = 1
 }
- params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
-
+ // params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
+ // Note: If OIDC breaks in the future, use the above params
+ params := "state=" + stateValue + "&nonce=" + nonce
 if code != "" {
 params += "&code=" + code
 }
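Review bot: The new `let params = \`state=${globalState.state}\`;` line, together with the `params += \`&code=${code}\`;` context line below it, still splices raw values into the redirect query string, so a `state` or `code` value containing `&`, `#` or `=` would break the URL or introduce extra parameters. Wrap each value with `encodeURIComponent`, e.g. `let params = \`state=${encodeURIComponent(globalState.state)}\`;` and `params += \`&code=${encodeURIComponent(code)}\`;`, or assemble the string with `URLSearchParams`. The second hunk of server/handlers/oauth_callback.go concatenates `stateValue`, `nonce` and `code` the same way and would take `url.QueryEscape` for the same reason. The enclosing useEffect callback continues past the end of the hunk.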
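Review bot: The added pair `// params := "access_token=" + authToken.AccessToken.Token + ...` and `// Note: If OIDC breaks in the future, use the above params` preserves the token-bearing query string as a ready-to-restore fallback, which is the very pattern this commit removes; a redirect URL carrying access and ID tokens lands in browser history, Referer headers and proxy or server access logs. Drop the commented-out line and record the reason instead, e.g. `// Tokens are deliberately not carried in the redirect query string: query strings are written to browser history, Referer headers and access logs.`, and apply the same to the matching comment pair in app/src/Root.tsx. The new `params := "state=" + stateValue + "&nonce=" + nonce` and the `params += "&code=" + code` context line concatenate values unescaped; `params := "state=" + url.QueryEscape(stateValue) + "&nonce=" + url.QueryEscape(nonce)` and `params += "&code=" + url.QueryEscape(code)` keep the URL well-formed, with `"net/url"` added to the import block touched by the first hunk of this file. OAuthCallbackHandler starts and ends outside the hunk, so it is unclear from here whether `expiresIn` is still read after the removal of the `strconv.FormatInt` use.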