take into account nonce in openid
parent
3c5706fb16
commit
e6d8815ac5
@ -263,7 +263,6 @@ def authorize():
auth_code = None
auth_code = None
if ResponseType.CODE in response_types:
if ResponseType.CODE in response_types:
# Create authorization code
auth_code = AuthorizationCode.create(
auth_code = AuthorizationCode.create(
client_id=client.id,
client_id=client.id,
user_id=current_user.id,
user_id=current_user.id,
@ -271,9 +270,8 @@ def authorize():
scope=scope,
scope=scope,
redirect_uri=redirect_uri,
redirect_uri=redirect_uri,
response_type=response_types_to_str(response_types),
response_type=response_types_to_str(response_types),
nonce=nonce
nonce=nonce,
)
)
db.session.add(auth_code)
redirect_args["code"] = auth_code.code
redirect_args["code"] = auth_code.code
oauth_token = None
oauth_token = None
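Review bot: Dropping `db.session.add(auth_code)` after the `AuthorizationCode.create(...)` call leaves the persistence of the new code implicit; unless `create` itself adds the instance to the session (not visible in this hunk), the value placed in `redirect_args["code"]` is never stored and the later exchange in token() cannot find it. If `create` does add the row, a one-line comment at the call site would save the next reader the lookup, e.g. `# AuthorizationCode.create adds the row to the session; no explicit add needed`. The same question applies to the removed `db.session.add(oauth_token)` in the token() hunk below. authorize() starts and ends outside this hunk.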
@ -69,12 +69,6 @@ def token():
access_token=generate_access_token(),
access_token=generate_access_token(),
response_type=auth_code.response_type,
response_type=auth_code.response_type,
)
)
db.session.add(oauth_token)
# Auth code can be used only once
AuthorizationCode.delete(auth_code.id)
db.session.commit()
client_user: ClientUser = ClientUser.get_by(
client_user: ClientUser = ClientUser.get_by(
client_id=auth_code.client_id, user_id=auth_code.user_id
client_id=auth_code.client_id, user_id=auth_code.user_id
@ -96,7 +90,12 @@ def token():
# Also return id_token if the initial flow is "code,id_token"
# Also return id_token if the initial flow is "code,id_token"
# cf https://medium.com/@darutk/diagrams-of-all-the-openid-connect-flows-6968e3990660
# cf https://medium.com/@darutk/diagrams-of-all-the-openid-connect-flows-6968e3990660
response_types = get_response_types_from_str(auth_code.response_type)
response_types = get_response_types_from_str(auth_code.response_type)
if ResponseType.ID_TOKEN in response_types:
if ResponseType.ID_TOKEN in response_types or auth_code.scope == "openid":
res["id_token"] = make_id_token(client_user)
res["id_token"] = make_id_token(client_user, nonce=auth_code.nonce)
# Auth code can be used only once
AuthorizationCode.delete(auth_code.id)
db.session.commit()
return jsonify(res)
return jsonify(res)
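Review bot: The new condition `auth_code.scope == "openid"` only matches a scope that is exactly the single value `openid`; if the authorization request carried a space-separated list such as `openid email`, the id_token is skipped even though the client asked for OpenID. If `scope` is stored as the raw request string, `"openid" in auth_code.scope.split()` is the check that matches the scope parameter's space-delimited form. Separately, moving `AuthorizationCode.delete(auth_code.id)` and `db.session.commit()` below `make_id_token` lengthens the window between reading the code and consuming it, and nothing visible here locks the row, so two concurrent exchanges of the same code could each be issued a token; consuming the code (delete + commit) before minting tokens, or selecting it with a row lock, keeps the single-use guarantee the comment promises. token() starts outside this hunk.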