devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

fix: add nonce

Browse Source
This commit is contained in:
Lakhan Samani
2022-10-19 19:04:15 +05:30
parent 89f08b6d31
commit a916b8c32c
2 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/handlers/authorize.go
View File

@@ -78,10 +78,11 @@ func AuthorizeHandler() gin.HandlerFunc {
})
code := uuid.New().String()
nonce := uuid.New().String()
memorystore.Provider.SetState(codeChallenge, code)
// used for response mode query or fragment
loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code
loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code + "&nonce=" + nonce
loginURL := "/app?" + loginState
if responseMode == constants.ResponseModeFragment {
@@ -150,7 +151,6 @@ func AuthorizeHandler() gin.HandlerFunc {
sessionKey = claims.LoginMethod + ":" + user.ID
}
nonce := uuid.New().String()
newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
if err != nil {
log.Debug("CreateSessionToken failed: ", err)
@@ -188,7 +188,7 @@ func AuthorizeHandler() gin.HandlerFunc {
// },
// })
params := "code=" + code + "&state=" + state
params := "code=" + code + "&state=" + state + "&nonce=" + nonce
if responseMode == constants.ResponseModeQuery {
if strings.Contains(redirectURI, "?") {
redirectURI = redirectURI + "&" + params
@@ -243,7 +243,7 @@ func AuthorizeHandler() gin.HandlerFunc {
}
// used of query mode
params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code
params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code + "&nonce=" + nonce
res := map[string]interface{}{
"access_token": authToken.AccessToken.Token,
@@ -253,6 +253,7 @@ func AuthorizeHandler() gin.HandlerFunc {
"token_type": "Bearer",
"expires_in": expiresIn,
"code": code,
"nonce": nonce,
}
if authToken.RefreshToken != nil {