fix: other auth recipes for oidc idp + remove logs
This commit is contained in:
Lakhan Samani
@@ -100,8 +100,29 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||
loginMethod = constants.AuthRecipeMethodMagicLinkLogin
|
||||
}
|
||||
|
||||
nonce := uuid.New().String()
|
||||
authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod, nonce, "")
|
||||
code := ""
|
||||
// Not required as /oauth/token cannot be resumed from other tab
|
||||
// codeChallenge := ""
|
||||
nonce := ""
|
||||
if state != "" {
|
||||
// Get state from store
|
||||
authorizeState, _ := memorystore.Provider.GetState(state)
|
||||
if authorizeState != "" {
|
||||
authorizeStateSplit := strings.Split(authorizeState, "@@")
|
||||
if len(authorizeStateSplit) > 1 {
|
||||
code = authorizeStateSplit[0]
|
||||
// Not required as /oauth/token cannot be resumed from other tab
|
||||
// codeChallenge = authorizeStateSplit[1]
|
||||
} else {
|
||||
nonce = authorizeState
|
||||
}
|
||||
go memorystore.Provider.RemoveState(state)
|
||||
}
|
||||
}
|
||||
if nonce == "" {
|
||||
nonce = uuid.New().String()
|
||||
}
|
||||
authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod, nonce, code)
|
||||
if err != nil {
|
||||
log.Debug("Error creating auth token: ", err)
|
||||
errorRes["error_description"] = err.Error()
|
||||
@@ -109,12 +130,27 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
// Code challenge could be optional if PKCE flow is not used
|
||||
// Not required as /oauth/token cannot be resumed from other tab
|
||||
// if code != "" {
|
||||
// if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
|
||||
// log.Debug("Error setting code state ", err)
|
||||
// errorRes["error_description"] = err.Error()
|
||||
// c.JSON(500, errorRes)
|
||||
// return
|
||||
// }
|
||||
// }
|
||||
|
||||
expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
|
||||
if expiresIn <= 0 {
|
||||
expiresIn = 1
|
||||
}
|
||||
|
||||
params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
|
||||
params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
|
||||
|
||||
if code != "" {
|
||||
params += "&code=" + code
|
||||
}
|
||||
|
||||
sessionKey := loginMethod + ":" + user.ID
|
||||
cookie.SetSession(c, authToken.FingerPrintHash)
|
||||
|
||||
Reference in New Issue
Block a user