fix: remove access_token & id_token from query string

Lakhan Samani
2023-12-30 21:19:44 +05:30
parent ef2a590608
commit ade676f92c
2 changed files with 6 additions and 4 deletions


@@ -7,7 +7,6 @@ import (
"fmt"
"io"
"net/http"
"strconv"
"strings"
"time"
@@ -248,8 +247,9 @@ func OAuthCallbackHandler() gin.HandlerFunc {
expiresIn = 1
}
params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
// params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
// Note: If OIDC breaks in the future, use the above params
params := "state=" + stateValue + "&nonce=" + nonce
if code != "" {
params += "&code=" + code
}
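Review bot: The commented-out `params` line that still builds `access_token=…&id_token=…`, together with the note "If OIDC breaks in the future, use the above params", leaves a ready-made path back to putting bearer tokens in the redirect URL, where they end up in browser history, Referer headers and proxy or access logs. I would delete both comment lines (git history keeps the old form) and replace them with a why-comment such as `// Tokens are deliberately kept out of the redirect query string: URLs are recorded in browser history, Referer headers and logs.` Separately, the new line still concatenates `stateValue`, `nonce` and, just below, `code` without escaping, so a `&` or `#` in any of them would alter the redirect's parameters; if the request can influence these values, `params := "state=" + url.QueryEscape(stateValue) + "&nonce=" + url.QueryEscape(nonce)` is safer, and it needs `net/url` if the file does not already import it. `expiresIn` is still computed just above but no longer feeds `params`; OAuthCallbackHandler starts and ends outside the hunk, so check whether the value is used later or can be dropped.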