fix: PAR parameters not respected by authorize page

This commit is contained in:
Elias Schneider
2026-06-05 11:39:14 +02:00
parent 212c574a68
commit 3d9d4de619
13 changed files with 252 additions and 87 deletions

View File

@@ -8,7 +8,8 @@ import type {
OidcClientUpdate,
OidcClientWithAllowedUserGroups,
OidcClientWithAllowedUserGroupsCount,
OidcDeviceCodeInfo
OidcDeviceCodeInfo,
OidcAuthorizeRequestInfo
} from '$lib/types/oidc.type';
import type { ScimServiceProvider } from '$lib/types/scim.type';
import { cachedOidcClientLogo } from '$lib/utils/cached-image-util';
@@ -53,6 +54,14 @@ class OidcService extends APIService {
return res.data as { authorizationRequired: boolean; scope: string };
};
getParRequestInfo = async (clientId: string, requestURI: string) => {
const res = await this.api.get('/oidc/par-request-info', {
params: { client_id: clientId, request_uri: requestURI }
});
return res.data as OidcAuthorizeRequestInfo;
};
listClients = async (options?: ListRequestOptions) => {
const res = await this.api.get('/oidc/clients', {
params: options

View File

@@ -73,3 +73,12 @@ export type AuthorizeResponse = {
export type AccessibleOidcClient = OidcClientMetaData & {
lastUsedAt: Date | null;
};
export type OidcAuthorizeRequestInfo = {
scope: string;
redirectURI: string;
state?: string;
nonce?: string;
responseMode?: string;
prompt?: string;
};

View File

@@ -3,20 +3,24 @@ import type { PageLoad } from './$types';
export const load: PageLoad = async ({ url }) => {
const clientId = url.searchParams.get('client_id');
const requestURI = url.searchParams.get('request_uri') || undefined;
const oidcService = new OidcService();
const client = await oidcService.getClientMetaData(clientId!);
const [client, parInfo] = await Promise.all([
oidcService.getClientMetaData(clientId!),
requestURI ? oidcService.getParRequestInfo(clientId!, requestURI) : undefined
]);
return {
scope: url.searchParams.get('scope')!,
nonce: url.searchParams.get('nonce') || undefined,
authorizeState: url.searchParams.get('state')!,
callbackURL: url.searchParams.get('redirect_uri')!,
scope: parInfo?.scope ?? url.searchParams.get('scope')!,
nonce: parInfo?.nonce ?? url.searchParams.get('nonce') ?? undefined,
authorizeState: parInfo?.state ?? url.searchParams.get('state')!,
callbackURL: parInfo?.redirectURI ?? url.searchParams.get('redirect_uri')!,
client,
codeChallenge: url.searchParams.get('code_challenge')!,
codeChallengeMethod: url.searchParams.get('code_challenge_method')!,
prompt: url.searchParams.get('prompt') || undefined,
responseMode: url.searchParams.get('response_mode') || undefined,
requestURI: url.searchParams.get('request_uri') || undefined
prompt: parInfo?.prompt ?? url.searchParams.get('prompt') ?? undefined,
responseMode: parInfo?.responseMode ?? url.searchParams.get('response_mode') ?? undefined,
requestURI
};
};