Add support for nonce parameter

Ivan R. 2024-10-17 17:47:23 +05:00
parent 6e3fac77f1
commit 401009bfdb
Signed by: lumin
GPG key ID: E0937DC7CD6D3817
4 changed files with 23 additions and 8 deletions


@ -1,8 +1,8 @@
defmodule Comfycamp.SSO.IDToken do
@derive Jason.Encoder
defstruct [:iss, :sub, :aud, :exp, :iat, :email, :preferred_username]
defstruct [:iss, :sub, :aud, :exp, :iat, :email, :preferred_username, :nonce]
def build_id_token(user, client_id) do
def build_id_token(user, client_id, nonce) do
{_, now} = DateTime.now("Etc/UTC")
issued_at = DateTime.to_unix(now)
@ -18,7 +18,8 @@ defmodule Comfycamp.SSO.IDToken do
exp: expires_at,
iat: issued_at,
email: user.email,
preferred_username: user.username
preferred_username: user.username,
nonce: nonce
}
end
end
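Review bot: `build_id_token/3` now always populates `:nonce` (L28) while the struct still derives `Jason.Encoder` (L15), so an authorization request that sent no nonce produces an ID token carrying `"nonce": null` instead of omitting the claim, assuming `Token.sign/2` serializes the struct through Jason. OIDC Core specifies the `nonce` claim is absent when the request had none, and relying parties that compare a present nonce against their stored value may reject a null. Replacing `@derive Jason.Encoder` with an explicit `defimpl` that drops nil claims before encoding keeps the claim out of the token when there is nothing to bind; the function's first hunk and the other claims are unchanged, so no further edit is proposed.
```elixir
# … unchanged: Comfycamp.SSO.IDToken struct and build_id_token/3 (drop the @derive line) …

defimpl Jason.Encoder, for: Comfycamp.SSO.IDToken do
  # Omit nil claims (e.g. nonce when the authorization request sent
  # none) rather than emitting JSON null, which some RPs reject.
  def encode(token, opts) do
    token
    |> Map.from_struct()
    |> Enum.reject(fn {_claim, value} -> is_nil(value) end)
    |> Map.new()
    |> Jason.Encode.map(opts)
  end
end
```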


@ -1,4 +1,8 @@
defmodule Comfycamp.SSO.OIDCCode do
@moduledoc """
Temporary code that may be exchanged for an access token.
"""
use Ecto.Schema
import Ecto.Changeset
@ -10,6 +14,7 @@ defmodule Comfycamp.SSO.OIDCCode do
@primary_key {:value, :string, autogenerate: false}
schema "oidc_codes" do
field :redirect_uri, :string
field :nonce, :string
belongs_to :user, User
belongs_to :oidc_app, OIDCApp,
@ -23,9 +28,8 @@ defmodule Comfycamp.SSO.OIDCCode do
@doc false
def changeset(oidc_code, attrs) do
oidc_code
|> cast(attrs, [:user_id, :oidc_app_id, :redirect_uri])
|> change(value: Rand.get_random_string(12))
|> validate_required([:value, :user_id, :oidc_app_id, :redirect_uri])
|> validate_length(:value, min: 6, max: 255)
|> cast(attrs, [:user_id, :oidc_app_id, :redirect_uri, :nonce])
|> validate_required([:user_id, :oidc_app_id, :redirect_uri])
end
end
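Review bot: `:nonce` is cast straight from request parameters (L57) with no length bound, whereas the removed lines did bound `:value` (L56); a `:string` column is varchar(255) on Postgres, so an attacker-chosen nonce longer than that would surface as a database error rather than a changeset error. Add `|> validate_length(:nonce, max: 255)` after the cast. Separately, `:value` is no longer generated or required in this changeset (the removed `change(value: ...)` and `validate_required` on L54-L55), and the schema marks the primary key `autogenerate: false`, so presumably the caller now sets it — worth confirming `create_oidc_code/1` does, since that code is not in this diff.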


@ -56,7 +56,8 @@ defmodule ComfycampWeb.OauthController do
SSO.create_oidc_code(%{
oidc_app_id: client_id,
user_id: conn.assigns.current_user.id,
redirect_uri: redirect_uri
redirect_uri: redirect_uri,
nonce: params["nonce"]
})
uri = build_redirect_uri(redirect_uri, code.value, params["state"])
@ -88,7 +89,7 @@ defmodule ComfycampWeb.OauthController do
{access_token, refresh_token} = Accounts.generate_oauth_tokens(code.user)
id_token = IDToken.build_id_token(code.user, oidc_app.client_id)
id_token = IDToken.build_id_token(code.user, oidc_app.client_id, code.nonce)
{:ok, signed_id_token} = Token.sign(id_token, client_secret)
render(conn, :token,
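Review bot: `params["nonce"]` is forwarded to the changeset (L70) without checking that it is a binary, and the result of `SSO.create_oidc_code/1` is matched on a line above this hunk; a client that sends `nonce[]=x` (a list) makes the string cast fail, so the authorize endpoint would crash on that match instead of redirecting with `error=invalid_request`, assuming the caller matches `{:ok, code}` directly. Normalizing first, e.g. `nonce = if is_binary(params["nonce"]), do: params["nonce"]`, and passing `nonce: nonce` avoids the 500; handling the `{:error, changeset}` branch would be the more complete fix. The code expiry and single-use checks on the token exchange are outside the second hunk and were not reviewed here.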


@ -0,0 +1,9 @@
defmodule Comfycamp.Repo.Migrations.OidcNonce do
use Ecto.Migration
def change do
alter table(:oidc_codes) do
add :nonce, :string
end
end
end