Add support for nonce parameter

This commit is contained in:
Ivan R. 2024-10-17 17:47:23 +05:00
parent 6e3fac77f1
commit 401009bfdb
Signed by: lumin
GPG key ID: E0937DC7CD6D3817
4 changed files with 23 additions and 8 deletions


@ -1,8 +1,8 @@
defmodule Comfycamp.SSO.IDToken do defmodule Comfycamp.SSO.IDToken do
@derive Jason.Encoder @derive Jason.Encoder
defstruct [:iss, :sub, :aud, :exp, :iat, :email, :preferred_username] defstruct [:iss, :sub, :aud, :exp, :iat, :email, :preferred_username, :nonce]
def build_id_token(user, client_id) do def build_id_token(user, client_id, nonce) do
{_, now} = DateTime.now("Etc/UTC") {_, now} = DateTime.now("Etc/UTC")
issued_at = DateTime.to_unix(now) issued_at = DateTime.to_unix(now)
@ -18,7 +18,8 @@ defmodule Comfycamp.SSO.IDToken do
exp: expires_at, exp: expires_at,
iat: issued_at, iat: issued_at,
email: user.email, email: user.email,
preferred_username: user.username preferred_username: user.username,
nonce: nonce
} }
end end
end end
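Review bot: `nonce: nonce` is now unconditionally part of the struct, so an authorization request that carried no nonce yields `nonce: nil`, which the derived `Jason.Encoder` serialises as `"nonce": null` in the ID token (assuming `Token.sign` JSON-encodes the struct with Jason, which the `@derive` suggests). OIDC Core defines `nonce` as a string claim that is only present when the client supplied one, and strict relying-party validators may reject a `null` value. Consider replacing the derived encoder with one that drops unset claims at encode time, leaving `build_id_token/3` as written. The function body spans both hunks of this file.
```elixir
  # replaces `@derive Jason.Encoder`: claims that were not supplied (e.g. nonce) are omitted
  defimpl Jason.Encoder, for: __MODULE__ do
    def encode(token, opts) do
      token
      |> Map.from_struct()
      |> Enum.reject(fn {_claim, value} -> is_nil(value) end)
      |> Map.new()
      |> Jason.Encode.map(opts)
    end
  end
  # … unchanged: build_id_token/3 …
```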


@ -1,4 +1,8 @@
defmodule Comfycamp.SSO.OIDCCode do defmodule Comfycamp.SSO.OIDCCode do
@moduledoc """
Temporary code that may be exchanged for an access token.
"""
use Ecto.Schema use Ecto.Schema
import Ecto.Changeset import Ecto.Changeset
@ -10,6 +14,7 @@ defmodule Comfycamp.SSO.OIDCCode do
@primary_key {:value, :string, autogenerate: false} @primary_key {:value, :string, autogenerate: false}
schema "oidc_codes" do schema "oidc_codes" do
field :redirect_uri, :string field :redirect_uri, :string
field :nonce, :string
belongs_to :user, User belongs_to :user, User
belongs_to :oidc_app, OIDCApp, belongs_to :oidc_app, OIDCApp,
@ -23,9 +28,8 @@ defmodule Comfycamp.SSO.OIDCCode do
@doc false @doc false
def changeset(oidc_code, attrs) do def changeset(oidc_code, attrs) do
oidc_code oidc_code
|> cast(attrs, [:user_id, :oidc_app_id, :redirect_uri])
|> change(value: Rand.get_random_string(12)) |> change(value: Rand.get_random_string(12))
|> validate_required([:value, :user_id, :oidc_app_id, :redirect_uri]) |> cast(attrs, [:user_id, :oidc_app_id, :redirect_uri, :nonce])
|> validate_length(:value, min: 6, max: 255) |> validate_required([:user_id, :oidc_app_id, :redirect_uri])
end end
end end
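Review bot: The new `:nonce` field is cast directly from the client-supplied `params["nonce"]` (see the controller section) with no length bound, and the same hunk also drops `validate_required` for `:value` and the `validate_length(:value, ...)` check without the commit message explaining why. Because `add :nonce, :string` in the migration section maps to a 255-character column on Postgres by default, an over-long nonce surfaces as a database error at insert time rather than a changeset error, and the stored value is later reflected into the signed ID token. Suggest adding `|> validate_length(:nonce, max: 255)` after the `cast`, and restoring `|> validate_length(:value, min: 6, max: 255)` unless its removal was intended. Moving `change(value: ...)` ahead of `cast` is harmless since `:value` is not in the permitted list.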


@ -56,7 +56,8 @@ defmodule ComfycampWeb.OauthController do
SSO.create_oidc_code(%{ SSO.create_oidc_code(%{
oidc_app_id: client_id, oidc_app_id: client_id,
user_id: conn.assigns.current_user.id, user_id: conn.assigns.current_user.id,
redirect_uri: redirect_uri redirect_uri: redirect_uri,
nonce: params["nonce"]
}) })
uri = build_redirect_uri(redirect_uri, code.value, params["state"]) uri = build_redirect_uri(redirect_uri, code.value, params["state"])
@ -88,7 +89,7 @@ defmodule ComfycampWeb.OauthController do
{access_token, refresh_token} = Accounts.generate_oauth_tokens(code.user) {access_token, refresh_token} = Accounts.generate_oauth_tokens(code.user)
id_token = IDToken.build_id_token(code.user, oidc_app.client_id) id_token = IDToken.build_id_token(code.user, oidc_app.client_id, code.nonce)
{:ok, signed_id_token} = Token.sign(id_token, client_secret) {:ok, signed_id_token} = Token.sign(id_token, client_secret)
render(conn, :token, render(conn, :token,


@ -0,0 +1,9 @@
defmodule Comfycamp.Repo.Migrations.OidcNonce do
use Ecto.Migration
def change do
alter table(:oidc_codes) do
add :nonce, :string
end
end
end