devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

fix: pkce flow for oauth login

Browse Source
This commit is contained in:
Lakhan Samani
2024-01-08 14:21:24 +05:30
parent 3bd3a52d3b
commit e5fbaa26e1
4 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/handlers/authorize.go
View File

@@ -123,7 +123,7 @@ func AuthorizeHandler() gin.HandlerFunc {
// TODO add state with timeout
// used for response mode query or fragment
authState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
authState := "state=" + state + "&scope=" + scopeString + "&redirect_uri=" + redirectURI
if responseType == constants.ResponseTypeCode {
authState += "&code=" + code
if err := memorystore.Provider.SetState(state, code+"@@"+codeChallenge); err != nil {

11
server/handlers/oauth_callback.go
View File

@@ -53,7 +53,16 @@ func OAuthCallbackHandler() gin.HandlerFunc {
stateValue := sessionSplit[0]
redirectURL := sessionSplit[1]
inputRoles := strings.Split(sessionSplit[2], ",")
scopes := strings.Split(sessionSplit[3], ",")
scopeString := sessionSplit[3]
scopes := []string{}
if scopeString != "" {
if strings.Contains(scopeString, ",") {
scopes = strings.Split(scopeString, ",")
}
if strings.Contains(scopeString, " ") {
scopes = strings.Split(scopeString, " ")
}
}
var user *models.User
oauthCode := ctx.Request.FormValue("code")
if oauthCode == "" {

9
server/handlers/token.go
View File

@@ -3,6 +3,7 @@ package handlers
import (
"crypto/sha256"
"encoding/base64"
"fmt"
"net/http"
"strings"
"time"
@@ -105,7 +106,7 @@ func TokenHandler() gin.HandlerFunc {
if codeVerifier == "" && clientSecret == "" {
gc.JSON(http.StatusBadRequest, gin.H{
"error": "invalid_dat",
"error": "invalid_data",
"error_description": "The code verifier or client secret is required",
})
return
@@ -263,12 +264,14 @@ func TokenHandler() gin.HandlerFunc {
"roles": roles,
"expires_in": expiresIn,
}
fmt.Println("=> scopes:", scope)
fmt.Println("=> refreshToken:", authToken.RefreshToken)
if authToken.RefreshToken != nil {
log.Debug("Refresh token is present: ", fmt.Sprintf("%s:%s", sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint))
res["refresh_token"] = authToken.RefreshToken.Token
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
}
fmt.Printf("=> res %v", res)
gc.JSON(http.StatusOK, res)
}
}