fix: other auth recipes for oidc idp + remove logs

2022-11-15 21:45:08 +05:30
parent 579899c397
commit 75a547cfe2
12 changed files with 248 additions and 117 deletions
--- a/server/resolvers/login.go
+++ b/server/resolvers/login.go
@@ -141,10 +141,9 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		}, nil
 	}

-	nonce := uuid.New().String()
-	fmt.Println("=> state", refs.StringValue(params.State))
 	code := ""
 	codeChallenge := ""
+	nonce := ""
 	if params.State != nil {
 		// Get state from store
 		authorizeState, _ := memorystore.Provider.GetState(refs.StringValue(params.State))
@@ -153,8 +152,6 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 			if len(authorizeStateSplit) > 1 {
 				code = authorizeStateSplit[0]
 				codeChallenge = authorizeStateSplit[1]
-
-				fmt.Println("=> code info", authorizeStateSplit)
 			} else {
 				nonce = authorizeState
 			}
@@ -162,12 +159,25 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		}
 	}

+	if nonce == "" {
+		nonce = uuid.New().String()
+	}
+
 	authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce, code)
 	if err != nil {
 		log.Debug("Failed to create auth token", err)
 		return res, err
 	}

+	// TODO add to other login options as well
+	// Code challenge could be optional if PKCE flow is not used
+	if code != "" {
+		if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+			log.Debug("SetState failed: ", err)
+			return res, err
+		}
+	}
+
 	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
 	if expiresIn <= 0 {
 		expiresIn = 1
@@ -185,15 +195,6 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 	sessionStoreKey := constants.AuthRecipeMethodBasicAuth + ":" + user.ID
 	memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
 	memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
-	// TODO add to other login options as well
-	// Code challenge could be optional if PKCE flow is not used
-	if code != "" {
-		fmt.Println("=> setting the state here....")
-		if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
-			log.Debug("SetState failed: ", err)
-			return res, err
-		}
-	}

 	if authToken.RefreshToken != nil {
 		res.RefreshToken = &authToken.RefreshToken.Token