wip: sid claim only required if frontchannel_logout_session_supported && frontchannel_logout_supported.

This commit is contained in:
ybelMekk
2022-01-22 15:03:54 +01:00
parent 6411f168e2
commit f5e5d842e6


@@ -88,7 +88,10 @@ func (h *Handler) validateIDToken(idToken *openid.IDToken, loginCookie *openid.L
jwt.WithClaimValue("nonce", loginCookie.Nonce),
jwt.WithIssuer(h.Provider.GetOpenIDConfiguration().Issuer),
jwt.WithAcceptableSkew(5 * time.Second),
jwt.WithRequiredClaim("sid"),
}
if h.sidClaimRequired() {
validateOpts = append(validateOpts, jwt.WithRequiredClaim("sid"))
}
if len(h.Provider.GetClientConfiguration().GetACRValues()) > 0 {
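Review bot: Once `sid` is no longer an unconditional required claim, the remainder of validateIDToken must cope with the claim being absent rather than propagating an empty session identifier; the hunk ends before the code that produces `externalSessionID`, so I cannot confirm from here that the missing-claim case is handled explicitly. It would be worth asserting the pairing in code, e.g. right after the validate call: `if !h.sidClaimRequired() && sid == "" { /* no provider-side session to track; do not treat as an error */ }` with whatever variable the sid value is read into. A short why-comment above the new conditional would also help readers, e.g. `// sid is only guaranteed by providers that advertise front-channel logout with session support`. validateIDToken begins before this hunk, so the option slice's declaration is not visible.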
@@ -107,3 +110,8 @@ func (h *Handler) validateIDToken(idToken *openid.IDToken, loginCookie *openid.L
return externalSessionID, nil
}
func (h *Handler) sidClaimRequired() bool {
config := h.Provider.GetOpenIDConfiguration()
return config.FrontchannelLogoutSupported && config.FrontchannelLogoutSessionSupported
}
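Review bot: sidClaimRequired has no doc comment explaining why both discovery flags must be true, which is the one thing a future reader will question. I would add `// sidClaimRequired reports whether the provider is expected to include the sid claim in the ID token: a provider advertising both frontchannel_logout_supported and frontchannel_logout_session_supported emits sid so that logout requests can be matched to a session.` above the function. Whether GetOpenIDConfiguration can return nil is not visible in this hunk; if it can, the field access on the next line would panic and should be guarded.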