starred/pocket-id-pocket-id-1
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-17 02:33:02 +03:00
Code Issues 122 Packages Projects Releases 10 Wiki Activity

feat: add support for OAuth 2.0 Authorization Server Issuer Identification

Browse Source
This commit is contained in:
Elias Schneider
2025-07-06 15:29:26 +02:00
parent 49f1ab2f75
commit bf042563e9
5 changed files with 22 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
backend/internal/controller/oidc_controller.go
View File

@@ -89,6 +89,7 @@ func (oc *OidcController) authorizeHandler(c *gin.Context) {
response := dto.AuthorizeOidcClientResponseDto{ response := dto.AuthorizeOidcClientResponseDto{
Code: code, Code: code,
CallbackURL: callbackURL, CallbackURL: callbackURL,
Issuer: common.EnvConfig.AppURL,
} }
c.JSON(http.StatusOK, response) c.JSON(http.StatusOK, response)

1
backend/internal/controller/well_known_controller.go
View File

@@ -83,6 +83,7 @@ func (wkc *WellKnownController) computeOIDCConfiguration() ([]byte, error) {
"response_types_supported": []string{"code", "id_token"}, "response_types_supported": []string{"code", "id_token"},
"subject_types_supported": []string{"public"}, "subject_types_supported": []string{"public"},
"id_token_signing_alg_values_supported": []string{alg.String()}, "id_token_signing_alg_values_supported": []string{alg.String()},
"authorization_response_iss_parameter_supported": true,
} }
return json.Marshal(config) return json.Marshal(config)
} }

1
backend/internal/dto/oidc_dto.go
View File

@@ -57,6 +57,7 @@ type AuthorizeOidcClientRequestDto struct {
type AuthorizeOidcClientResponseDto struct { type AuthorizeOidcClientResponseDto struct {
Code string `json:"code"` Code string `json:"code"`
CallbackURL string `json:"callbackURL"` CallbackURL string `json:"callbackURL"`
Issuer string `json:"issuer"`
} }
type AuthorizationRequiredDto struct { type AuthorizationRequiredDto struct {

1
frontend/src/lib/types/oidc.type.ts
View File

@@ -48,4 +48,5 @@ export type OidcDeviceCodeInfo = {
export type AuthorizeResponse = { export type AuthorizeResponse = {
code: string; code: string;
callbackURL: string; callbackURL: string;
issuer: string;
}; };

7
frontend/src/routes/authorize/+page.svelte
View File

@@ -57,8 +57,8 @@
await oidService await oidService
.authorize(client!.id, scope, callbackURL, nonce, codeChallenge, codeChallengeMethod) .authorize(client!.id, scope, callbackURL, nonce, codeChallenge, codeChallengeMethod)
.then(async ({ code, callbackURL }) => { .then(async ({ code, callbackURL, issuer }) => {
onSuccess(code, callbackURL); onSuccess(code, callbackURL, issuer);
}); });
} catch (e) { } catch (e) {
errorMessage = getWebauthnErrorMessage(e); errorMessage = getWebauthnErrorMessage(e);
@@ -66,12 +66,13 @@
} }
} }
function onSuccess(code: string, callbackURL: string) { function onSuccess(code: string, callbackURL: string, issuer: string) {
success = true; success = true;
setTimeout(() => { setTimeout(() => {
const redirectURL = new URL(callbackURL); const redirectURL = new URL(callbackURL);
redirectURL.searchParams.append('code', code); redirectURL.searchParams.append('code', code);
redirectURL.searchParams.append('state', authorizeState); redirectURL.searchParams.append('state', authorizeState);
redirectURL.searchParams.append('iss', issuer);
window.location.href = redirectURL.toString(); window.location.href = redirectURL.toString();
}, 1000); }, 1000);