fix: redirect from app

fix: add code to login query params
fix: add code to query params
2022-10-19 12:20:22 +05:30 · 2022-10-19 12:01:34 +05:30 · 2022-10-19 11:29:49 +05:30 · 2022-10-19 09:03:00 +05:30
2 changed files with 22 additions and 17 deletions
--- a/app/src/Root.tsx
+++ b/app/src/Root.tsx
@@ -38,6 +38,7 @@ export default function Root({
 	const scope = searchParams.get('scope')
 		? searchParams.get('scope')?.toString().split(' ')
 		: ['openid', 'profile', 'email'];
+	const code = searchParams.get('code') || createRandomString()

 	const urlProps: Record<string, any> = {
 		state,
@@ -57,7 +58,7 @@ export default function Root({
 	useEffect(() => {
 		if (token) {
 			let redirectURL = config.redirectURL || '/app';
-			let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
+			let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}&code=`+code;
 			if (token.refresh_token) {
 				params += `&refresh_token=${token.refresh_token}`;
 			}
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -77,8 +77,11 @@ func AuthorizeHandler() gin.HandlerFunc {
 			"redirect_uri":   redirectURI,
 		})

+		code := uuid.New().String()
+		memorystore.Provider.SetState(codeChallenge, code)
+
 		// used for response mode query or fragment
-		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
+		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code
 		loginURL := "/app?" + loginState

 		if responseMode == constants.ResponseModeFragment {
@@ -147,17 +150,23 @@ func AuthorizeHandler() gin.HandlerFunc {
 			sessionKey = claims.LoginMethod + ":" + user.ID
 		}

+		nonce := uuid.New().String()
+		newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
+		if err != nil {
+			log.Debug("CreateSessionToken failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+			return
+		}
+
+		if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
+			log.Debug("SetState failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+			return
+		}
+
 		// rollover the session for security
 		go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
 		if responseType == constants.ResponseTypeCode {
-			nonce := uuid.New().String()
-			newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
-			if err != nil {
-				log.Debug("CreateSessionToken failed: ", err)
-				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
-				return
-			}
-
 			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken); err != nil {
 				log.Debug("SetUserSession failed: ", err)
 				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
@@ -165,12 +174,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 			}

 			cookie.SetSession(gc, newSessionToken)
-			code := uuid.New().String()
-			if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
-				log.Debug("SetState failed: ", err)
-				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
-				return
-			}

 			// in case, response type is code and user is already logged in send the code and state
 			// and cookie session will already be rolled over and set
@@ -240,7 +243,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 			}

 			// used of query mode
-			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
+			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code

 			res := map[string]interface{}{
 				"access_token": authToken.AccessToken.Token,
@@ -249,6 +252,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 				"scope":        scope,
 				"token_type":   "Bearer",
 				"expires_in":   expiresIn,
+				"code":         code,
 			}

 			if authToken.RefreshToken != nil {
Author	SHA1	Message	Date
Lakhan Samani	89f08b6d31	fix: redirect from app	2022-10-19 12:20:22 +05:30
Lakhan Samani	cc23784df8	fix: add code to login query params	2022-10-19 12:01:34 +05:30
Lakhan Samani	7ff3b3018a	fix: add code to query params	2022-10-19 11:29:49 +05:30
Lakhan Samani	2b52932e98	fix: add code to other response methods	2022-10-19 09:03:00 +05:30