fix: add code to query params + fix openid config
This commit is contained in:
Lakhan Samani
@@ -38,6 +38,7 @@ export default function Root({
|
||||
const scope = searchParams.get('scope')
|
||||
? searchParams.get('scope')?.toString().split(' ')
|
||||
: ['openid', 'profile', 'email'];
|
||||
const code = searchParams.get('code')
|
||||
|
||||
const urlProps: Record<string, any> = {
|
||||
state,
|
||||
@@ -58,6 +59,10 @@ export default function Root({
|
||||
if (token) {
|
||||
let redirectURL = config.redirectURL || '/app';
|
||||
let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
|
||||
|
||||
if (code) {
|
||||
params += `&code=${code}`
|
||||
}
|
||||
if (token.refresh_token) {
|
||||
params += `&refresh_token=${token.refresh_token}`;
|
||||
}
|
||||
|
||||
@@ -58,8 +58,9 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
}
|
||||
|
||||
isQuery := responseMode == "query"
|
||||
code := uuid.New().String()
|
||||
|
||||
loginURL := "/app?state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
|
||||
loginURL := "/app?state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code
|
||||
|
||||
if clientID == "" {
|
||||
if isQuery {
|
||||
@@ -250,7 +251,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken)
|
||||
cookie.SetSession(gc, newSessionToken)
|
||||
code := uuid.New().String()
|
||||
|
||||
memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken)
|
||||
gc.HTML(http.StatusOK, template, gin.H{
|
||||
"target_origin": redirectURI,
|
||||
@@ -297,7 +298,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
}
|
||||
|
||||
// used of query mode
|
||||
params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
|
||||
params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code
|
||||
|
||||
res := map[string]interface{}{
|
||||
"access_token": authToken.AccessToken.Token,
|
||||
@@ -306,6 +307,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
"scope": scope,
|
||||
"token_type": "Bearer",
|
||||
"expires_in": expiresIn,
|
||||
"code": code,
|
||||
}
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
|
||||
@@ -17,14 +17,14 @@ func OpenIDConfigurationHandler() gin.HandlerFunc {
|
||||
c.JSON(200, gin.H{
|
||||
"issuer": issuer,
|
||||
"authorization_endpoint": issuer + "/authorize",
|
||||
"token_endpoint": issuer + "/token",
|
||||
"token_endpoint": issuer + "/oauth/token",
|
||||
"userinfo_endpoint": issuer + "/userinfo",
|
||||
"jwks_uri": issuer + "/.well-known/jwks.json",
|
||||
"response_types_supported": []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"},
|
||||
"response_types_supported": []string{"code", "token", "id_token"},
|
||||
"scopes_supported": []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
|
||||
"response_modes_supported": []string{"query", "fragment", "form_post"},
|
||||
"id_token_signing_alg_values_supported": []string{jwtType},
|
||||
"claims_supported": []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"},
|
||||
"claims_supported": []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "role", "gender", "birthdate", "phone_number", "phone_number_verified", "nonce", "updated_at", "created_at", "revoked_timestamp", "login_method", "signup_methods", "token_type"},
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user