add OIDC_CODE_CHALLENGE

Yuqiu Wang
2023-09-12 16:36:30 -05:00
parent 0fe9f0705e
commit bc0abd6b38


@@ -13,6 +13,7 @@ const OIDC_CLIENT_ID = process.env.OIDC_CLIENT_ID;
const OIDC_SECRET = process.env.OIDC_SECRET;
const OIDC_URL = process.env.OIDC_URL;
const OIDC_SCOPES = process.env.OIDC_SCOPES || 'openid email';
const OIDC_CODE_CHALLENGE = process.env.OIDC_CODE_CHALLENGE || '';
const OIDC_CODE_CHALLENGE_METHOD = process.env.OIDC_CODE_CHALLENGE_METHOD || 'plain';
const OIDC_METADATA = JSON.parse(process.env.OIDC_METADATA || '{}');
const clientMetadata = Object.assign({client_id: OIDC_CLIENT_ID, client_secret: OIDC_SECRET}, OIDC_METADATA);
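Review bot: `OIDC_CODE_CHALLENGE` is read once from the environment as a fixed value, but a PKCE `code_challenge` only provides its protection when it is derived from a fresh random `code_verifier` generated for each authorization request and that verifier is presented at the token exchange; a constant shared by every login cannot bind the authorization code to the session that started it, so the value sent in the `getOidcEndpoint` hunk below is PKCE in form only. If `getOidcProvider()` returns an openid-client `Client` (the `authorizationUrl` call suggests so, but this is inferred), the per-request values can come from `generators.codeVerifier()` and `generators.codeChallenge(verifier)`, with the verifier kept in the user's session and passed as `code_verifier` in the callback handled by `oidcAuthenticate`, whose body lies outside this diff. Until that is done, a comment on this line such as `// NOTE: a static challenge does not give PKCE's code-binding guarantee; the challenge must be per-request` would at least stop a deployer from assuming the S256 setting hardens the flow. Also worth noting in the config documentation that with the default `OIDC_CODE_CHALLENGE_METHOD` of `'plain'` the new `isUsePKCE` check leaves PKCE disabled entirely, which is easy to miss.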
@@ -131,7 +132,18 @@ async function getOidcEndpoint() {
if (!OIDC_URL) return;
const provider = await getOidcProvider();
return provider.authorizationUrl({scope: OIDC_SCOPES, code_challenge_method: OIDC_CODE_CHALLENGE_METHOD});
const isUsePKCE = OIDC_CODE_CHALLENGE !== "" && OIDC_CODE_CHALLENGE_METHOD === "S256"
let authParams = {
scope: OIDC_SCOPES,
}
if (isUsePKCE) {
authParams = {
...authParams,
code_challenge: OIDC_CODE_CHALLENGE,
code_challenge_method: OIDC_CODE_CHALLENGE_METHOD
}
}
return provider.authorizationUrl(authParams);
}
async function oidcAuthenticate(code, redirectUri) {