Gregory Schier
2025-05-30 08:02:29 -07:00
parent 1e27e1d8cb
commit b52570bf58
8 changed files with 126 additions and 54 deletions


@@ -22,6 +22,7 @@ export async function getAuthorizationCode(
audience,
credentialsInBody,
pkce,
tokenName,
}: {
authorizationUrl: string;
accessTokenUrl: string;
@@ -36,6 +37,7 @@ export async function getAuthorizationCode(
challengeMethod: string | null;
codeVerifier: string | null;
} | null;
tokenName: 'access_token' | 'id_token';
},
): Promise<AccessToken> {
const token = await getOrRefreshAccessToken(ctx, contextId, {
@@ -59,7 +61,10 @@ export async function getAuthorizationCode(
if (pkce) {
const verifier = pkce.codeVerifier || createPkceCodeVerifier();
const challengeMethod = pkce.challengeMethod || DEFAULT_PKCE_METHOD;
authorizationUrl.searchParams.set('code_challenge', createPkceCodeChallenge(verifier, challengeMethod));
authorizationUrl.searchParams.set(
'code_challenge',
createPkceCodeChallenge(verifier, challengeMethod),
);
authorizationUrl.searchParams.set('code_challenge_method', challengeMethod);
}
@@ -107,7 +112,7 @@ export async function getAuthorizationCode(
});
try {
resolve(await storeToken(ctx, contextId, response));
resolve(await storeToken(ctx, contextId, response, tokenName));
} catch (err) {
reject(err);
}
@@ -127,14 +132,15 @@ function createPkceCodeChallenge(verifier: string, method: string) {
const hash = encodeForPkce(createHash('sha256').update(verifier).digest());
return hash
.replace(/=/g, '') // Remove padding '='
.replace(/=/g, '') // Remove padding '='
.replace(/\+/g, '-') // Replace '+' with '-'
.replace(/\//g, '_'); // Replace '/' with '_'
}
function encodeForPkce(bytes: Buffer) {
return bytes.toString('base64')
.replace(/=/g, '') // Remove padding '='
return bytes
.toString('base64')
.replace(/=/g, '') // Remove padding '='
.replace(/\+/g, '-') // Replace '+' with '-'
.replace(/\//g, '_'); // Replace '/' with '_'
}
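Review bot: The three `.replace(...)` calls after `const hash = encodeForPkce(...)` in createPkceCodeChallenge are no-ops, because encodeForPkce already strips `=` and maps `+` and `/` to `-` and `_`. The tail of the function could be just `return encodeForPkce(createHash('sha256').update(verifier).digest());`. The start of createPkceCodeChallenge is outside the hunk, so it is not visible whether `method` is checked before hashing. Since `challengeMethod` is sent verbatim as `code_challenge_method`, it is worth confirming that a `plain` method returns the verifier unhashed and that any other unrecognized value is rejected rather than silently hashed with SHA-256. A short comment such as `// RFC 7636 S256: BASE64URL(SHA256(verifier)), no padding` above the hash line would document the intent.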


@@ -12,6 +12,7 @@ export function getImplicit(
scope,
state,
audience,
tokenName,
}: {
authorizationUrl: string;
responseType: string;
@@ -20,8 +21,9 @@ export function getImplicit(
scope: string | null;
state: string | null;
audience: string | null;
tokenName: 'access_token' | 'id_token';
},
) :Promise<AccessToken> {
): Promise<AccessToken> {
return new Promise(async (resolve, reject) => {
const token = await getToken(ctx, contextId);
if (token) {
@@ -38,7 +40,10 @@ export function getImplicit(
if (state) authorizationUrl.searchParams.set('state', state);
if (audience) authorizationUrl.searchParams.set('audience', audience);
if (responseType.includes('id_token')) {
authorizationUrl.searchParams.set('nonce', String(Math.floor(Math.random() * 9999999999999) + 1));
authorizationUrl.searchParams.set(
'nonce',
String(Math.floor(Math.random() * 9999999999999) + 1),
);
}
const authorizationUrlStr = authorizationUrl.toString();
@@ -60,7 +65,7 @@ export function getImplicit(
const hash = url.hash.slice(1);
const params = new URLSearchParams(hash);
const accessToken = params.get('access_token');
const accessToken = params.get(tokenName);
if (!accessToken) {
return;
}
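Review bot: The `nonce` set when `responseType.includes('id_token')` is drawn from `Math.random()`, which is not a cryptographically secure source, and nothing in the visible hunks keeps the value to compare it with the `nonce` claim of the returned ID token. This matters more now that `params.get(tokenName)` can select `id_token` from the redirect fragment as the token to use. Generating it with Node's crypto module, e.g. `const nonce = randomBytes(16).toString('hex');`, and retaining it for a check after the redirect would close that gap. Whether the returned `state` is compared with the one sent is also not visible here. getImplicit's body continues outside these hunks.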