fix: comment

fix: issuer token endpoint
fix: binding
2022-10-19 23:55:47 +05:30 · 2022-10-19 23:41:08 +05:30 · 2022-10-19 23:39:48 +05:30 · 2022-10-19 23:36:33 +05:30 · 2022-10-19 23:17:13 +05:30 · 2022-10-19 19:04:15 +05:30
4 changed files with 18 additions and 6 deletions
--- a/app/src/Root.tsx
+++ b/app/src/Root.tsx
@@ -38,6 +38,7 @@ export default function Root({
 	const scope = searchParams.get('scope')
 		? searchParams.get('scope')?.toString().split(' ')
 		: ['openid', 'profile', 'email'];
+	const code = searchParams.get('code') || ''

 	const urlProps: Record<string, any> = {
 		state,
@@ -58,9 +59,15 @@ export default function Root({
 		if (token) {
 			let redirectURL = config.redirectURL || '/app';
 			let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
+
+			if (code !== '') {
+				params += `&code=${code}`
+			}
+
 			if (token.refresh_token) {
 				params += `&refresh_token=${token.refresh_token}`;
 			}
+
 			const url = new URL(redirectURL);
 			if (redirectURL.includes('?')) {
 				redirectURL = `${redirectURL}&${params}`;
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -42,6 +42,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 		scopeString := strings.TrimSpace(gc.Query("scope"))
 		clientID := strings.TrimSpace(gc.Query("client_id"))
 		responseMode := strings.TrimSpace(gc.Query("response_mode"))
+		nonce := strings.TrimSpace(gc.Query("nonce"))

 		var scope []string
 		if scopeString == "" {
@@ -77,8 +78,14 @@ func AuthorizeHandler() gin.HandlerFunc {
 			"redirect_uri":   redirectURI,
 		})

+		code := uuid.New().String()
+		if nonce == "" {
+			nonce = uuid.New().String()
+		}
+		memorystore.Provider.SetState(codeChallenge, code)
+
 		// used for response mode query or fragment
-		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
+		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code
 		loginURL := "/app?" + loginState

 		if responseMode == constants.ResponseModeFragment {
@@ -147,7 +154,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 			sessionKey = claims.LoginMethod + ":" + user.ID
 		}

-		nonce := uuid.New().String()
 		newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
 		if err != nil {
 			log.Debug("CreateSessionToken failed: ", err)
@@ -155,7 +161,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 			return
 		}

-		code := uuid.New().String()
 		if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
 			log.Debug("SetState failed: ", err)
 			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
--- a/server/handlers/openid_config.go
+++ b/server/handlers/openid_config.go
@@ -17,14 +17,14 @@ func OpenIDConfigurationHandler() gin.HandlerFunc {
 		c.JSON(200, gin.H{
 			"issuer":                                issuer,
 			"authorization_endpoint":                issuer + "/authorize",
-			"token_endpoint":                        issuer + "/token",
+			"token_endpoint":                        issuer + "/oauth/token",
 			"userinfo_endpoint":                     issuer + "/userinfo",
 			"jwks_uri":                              issuer + "/.well-known/jwks.json",
 			"response_types_supported":              []string{"code", "token", "id_token"},
 			"scopes_supported":                      []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
 			"response_modes_supported":              []string{"query", "fragment", "form_post", "web_message"},
 			"id_token_signing_alg_values_supported": []string{jwtType},
-			"claims_supported":                      []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"},
+			"claims_supported":                      []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified", "nonce"},
 		})
 	}
 }
--- a/server/parsers/url.go
+++ b/server/parsers/url.go
@@ -91,7 +91,7 @@ func GetDomainName(uri string) string {
 	return host
 }

-// GetAppURL to get /app/ url if not configured by user
+// GetAppURL to get /app url if not configured by user
 func GetAppURL(gc *gin.Context) string {
 	envAppURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
 	if envAppURL == "" || err != nil {
Author	SHA1	Message	Date
Lakhan Samani	a68876a6f4	fix: comment	2022-10-19 23:55:47 +05:30
Lakhan Samani	2c867b0314	fix: issuer token endpoint	2022-10-19 23:41:08 +05:30
Lakhan Samani	74b858ac24	fix: binding	2022-10-19 23:39:48 +05:30
Lakhan Samani	fedc3173fe	fix: get nonce from query request if possible	2022-10-19 23:36:33 +05:30
Lakhan Samani	de4381261e	fix: add nonce to supported claims	2022-10-19 23:17:13 +05:30
Lakhan Samani	a916b8c32c	fix: add nonce	2022-10-19 19:04:15 +05:30
Lakhan Samani	89f08b6d31	fix: redirect from app	2022-10-19 12:20:22 +05:30
Lakhan Samani	cc23784df8	fix: add code to login query params	2022-10-19 12:01:34 +05:30