Revert "fix(oidc): temporarily disable pkce"

This reverts commit ed9559efe5.
Erki Aas 2024-03-26 15:27:58 +02:00
parent ed9559efe5
commit 6cecbec592
2 changed files with 8 additions and 0 deletions


@ -33,12 +33,18 @@ export class AuthOidcService<ServiceParams extends AuthOidcParams = AuthOidcPara
id_token_signed_response_alg: config.get('oidc.signedResponseAlg'), id_token_signed_response_alg: config.get('oidc.signedResponseAlg'),
token_endpoint_auth_method: config.get('oidc.authMethod'), token_endpoint_auth_method: config.get('oidc.authMethod'),
}); });
const codeVerifier = generators.codeVerifier();
const codeChallenge = generators.codeChallenge(codeVerifier);
const url = client.authorizationUrl({ const url = client.authorizationUrl({
redirect_uri: config.get('clientUrl') + '/auth-oidc/callback', redirect_uri: config.get('clientUrl') + '/auth-oidc/callback',
scope: config.get('oidc.scopes'), scope: config.get('oidc.scopes'),
response_type: config.get('oidc.responseTypes'), response_type: config.get('oidc.responseTypes'),
code_challenge: codeChallenge,
code_challenge_method: config.get('oidc.codeChallengeMethod'),
}); });
params.session.codeVerifier = codeVerifier;
return url; return url;
} }
} }
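Review bot: The added `code_challenge_method` is read from `oidc.codeChallengeMethod`, but the challenge it describes comes from `generators.codeChallenge(codeVerifier)`, which in openid-client produces the S256 transform of the verifier. If that config value is set to `plain` or left unset, the declared method no longer matches the challenge, and the token exchange would be expected to fail at the provider. Pinning the value removes the mismatch: `code_challenge_method: 'S256',`. No `state` or `nonce` is visible in this `authorizationUrl` call; if they are not set elsewhere, they could be generated here and stored in the session next to `codeVerifier`. The method starts above the hunk, so anything set earlier is not visible.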


@ -37,9 +37,11 @@ export class AuthOidcCallbackService<ServiceParams extends AuthOidcCallbackParam
response_types: ['code'], response_types: ['code'],
}); });
const codeVerifier = params.session.codeVerifier;
const tokenSet = await client.callback( const tokenSet = await client.callback(
config.get('clientUrl') + '/auth-oidc/callback', config.get('clientUrl') + '/auth-oidc/callback',
{ code: params.query.code, iss: params.query.iss }, { code: params.query.code, iss: params.query.iss },
{ code_verifier: codeVerifier }
); );
const userinfo = await client.userinfo(tokenSet.access_token as string); const userinfo = await client.userinfo(tokenSet.access_token as string);
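Review bot: `params.session.codeVerifier` is passed to `client.callback` without checking that it exists, and it is never cleared after use. When the session has no verifier (expired session, or a callback request that did not start from this app's login), the checks object carries `code_verifier: undefined`, and whether the exchange is rejected then depends entirely on the provider enforcing PKCE. I would fail closed and make the verifier single-use right after reading it: `if (!codeVerifier) throw new Error('missing PKCE code verifier');` followed by `delete params.session.codeVerifier;`. The checks object also carries no `state`, so binding of the callback to the initiating browser session rests on the verifier alone as far as this hunk shows. The method starts and ends outside the hunk.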