Compare commits
8 Commits
1.1.21.bet
...
1.1.21.bet
| Author | SHA1 | Date | |
|---|---|---|---|
|
a68876a6f4 | ||
|
|
2c867b0314 | ||
|
|
74b858ac24 | ||
|
|
fedc3173fe | ||
|
|
de4381261e | ||
|
|
a916b8c32c | ||
|
|
89f08b6d31 | ||
|
|
cc23784df8 |
@@ -38,6 +38,7 @@ export default function Root({
|
|||||||
const scope = searchParams.get('scope')
|
const scope = searchParams.get('scope')
|
||||||
? searchParams.get('scope')?.toString().split(' ')
|
? searchParams.get('scope')?.toString().split(' ')
|
||||||
: ['openid', 'profile', 'email'];
|
: ['openid', 'profile', 'email'];
|
||||||
|
const code = searchParams.get('code') || ''
|
||||||
|
|
||||||
const urlProps: Record<string, any> = {
|
const urlProps: Record<string, any> = {
|
||||||
state,
|
state,
|
||||||
@@ -58,9 +59,15 @@ export default function Root({
|
|||||||
if (token) {
|
if (token) {
|
||||||
let redirectURL = config.redirectURL || '/app';
|
let redirectURL = config.redirectURL || '/app';
|
||||||
let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
|
let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
|
||||||
|
|
||||||
|
if (code !== '') {
|
||||||
|
params += `&code=${code}`
|
||||||
|
}
|
||||||
|
|
||||||
if (token.refresh_token) {
|
if (token.refresh_token) {
|
||||||
params += `&refresh_token=${token.refresh_token}`;
|
params += `&refresh_token=${token.refresh_token}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
const url = new URL(redirectURL);
|
const url = new URL(redirectURL);
|
||||||
if (redirectURL.includes('?')) {
|
if (redirectURL.includes('?')) {
|
||||||
redirectURL = `${redirectURL}&${params}`;
|
redirectURL = `${redirectURL}&${params}`;
|
||||||
|
|||||||
@@ -42,6 +42,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||||||
scopeString := strings.TrimSpace(gc.Query("scope"))
|
scopeString := strings.TrimSpace(gc.Query("scope"))
|
||||||
clientID := strings.TrimSpace(gc.Query("client_id"))
|
clientID := strings.TrimSpace(gc.Query("client_id"))
|
||||||
responseMode := strings.TrimSpace(gc.Query("response_mode"))
|
responseMode := strings.TrimSpace(gc.Query("response_mode"))
|
||||||
|
nonce := strings.TrimSpace(gc.Query("nonce"))
|
||||||
|
|
||||||
var scope []string
|
var scope []string
|
||||||
if scopeString == "" {
|
if scopeString == "" {
|
||||||
@@ -77,8 +78,14 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||||||
"redirect_uri": redirectURI,
|
"redirect_uri": redirectURI,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
code := uuid.New().String()
|
||||||
|
if nonce == "" {
|
||||||
|
nonce = uuid.New().String()
|
||||||
|
}
|
||||||
|
memorystore.Provider.SetState(codeChallenge, code)
|
||||||
|
|
||||||
// used for response mode query or fragment
|
// used for response mode query or fragment
|
||||||
loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
|
loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code
|
||||||
loginURL := "/app?" + loginState
|
loginURL := "/app?" + loginState
|
||||||
|
|
||||||
if responseMode == constants.ResponseModeFragment {
|
if responseMode == constants.ResponseModeFragment {
|
||||||
@@ -147,7 +154,6 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||||||
sessionKey = claims.LoginMethod + ":" + user.ID
|
sessionKey = claims.LoginMethod + ":" + user.ID
|
||||||
}
|
}
|
||||||
|
|
||||||
nonce := uuid.New().String()
|
|
||||||
newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
|
newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("CreateSessionToken failed: ", err)
|
log.Debug("CreateSessionToken failed: ", err)
|
||||||
@@ -155,7 +161,6 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
code := uuid.New().String()
|
|
||||||
if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
|
if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
|
||||||
log.Debug("SetState failed: ", err)
|
log.Debug("SetState failed: ", err)
|
||||||
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
|
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
|
||||||
|
|||||||
@@ -17,14 +17,14 @@ func OpenIDConfigurationHandler() gin.HandlerFunc {
|
|||||||
c.JSON(200, gin.H{
|
c.JSON(200, gin.H{
|
||||||
"issuer": issuer,
|
"issuer": issuer,
|
||||||
"authorization_endpoint": issuer + "/authorize",
|
"authorization_endpoint": issuer + "/authorize",
|
||||||
"token_endpoint": issuer + "/token",
|
"token_endpoint": issuer + "/oauth/token",
|
||||||
"userinfo_endpoint": issuer + "/userinfo",
|
"userinfo_endpoint": issuer + "/userinfo",
|
||||||
"jwks_uri": issuer + "/.well-known/jwks.json",
|
"jwks_uri": issuer + "/.well-known/jwks.json",
|
||||||
"response_types_supported": []string{"code", "token", "id_token"},
|
"response_types_supported": []string{"code", "token", "id_token"},
|
||||||
"scopes_supported": []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
|
"scopes_supported": []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
|
||||||
"response_modes_supported": []string{"query", "fragment", "form_post", "web_message"},
|
"response_modes_supported": []string{"query", "fragment", "form_post", "web_message"},
|
||||||
"id_token_signing_alg_values_supported": []string{jwtType},
|
"id_token_signing_alg_values_supported": []string{jwtType},
|
||||||
"claims_supported": []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"},
|
"claims_supported": []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified", "nonce"},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -91,7 +91,7 @@ func GetDomainName(uri string) string {
|
|||||||
return host
|
return host
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetAppURL to get /app/ url if not configured by user
|
// GetAppURL to get /app url if not configured by user
|
||||||
func GetAppURL(gc *gin.Context) string {
|
func GetAppURL(gc *gin.Context) string {
|
||||||
envAppURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
|
envAppURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
|
||||||
if envAppURL == "" || err != nil {
|
if envAppURL == "" || err != nil {
|
||||||
|
|||||||
Reference in New Issue
Block a user