Revert "fix(oidc): temporarily disable pkce"
All checks were successful
continuous-integration/drone/push Build is passing

This reverts commit ed9559efe5.
This commit is contained in:
Erki Aas 2024-03-26 15:27:58 +02:00
parent ed9559efe5
commit 6cecbec592
2 changed files with 8 additions and 0 deletions

View File

@ -33,12 +33,18 @@ export class AuthOidcService<ServiceParams extends AuthOidcParams = AuthOidcPara
id_token_signed_response_alg: config.get('oidc.signedResponseAlg'),
token_endpoint_auth_method: config.get('oidc.authMethod'),
});
const codeVerifier = generators.codeVerifier();
const codeChallenge = generators.codeChallenge(codeVerifier);
const url = client.authorizationUrl({
redirect_uri: config.get('clientUrl') + '/auth-oidc/callback',
scope: config.get('oidc.scopes'),
response_type: config.get('oidc.responseTypes'),
code_challenge: codeChallenge,
code_challenge_method: config.get('oidc.codeChallengeMethod'),
});
params.session.codeVerifier = codeVerifier;
return url;
}
}

View File

@ -37,9 +37,11 @@ export class AuthOidcCallbackService<ServiceParams extends AuthOidcCallbackParam
response_types: ['code'],
});
const codeVerifier = params.session.codeVerifier;
const tokenSet = await client.callback(
config.get('clientUrl') + '/auth-oidc/callback',
{ code: params.query.code, iss: params.query.iss },
{ code_verifier: codeVerifier }
);
const userinfo = await client.userinfo(tokenSet.access_token as string);