Add support for Authorization header during code exchange
parent
c9668ff1ef
commit
fbb33369a8
1 changed files with 22 additions and 6 deletions
|
@ -77,12 +77,9 @@ defmodule ComfycampWeb.OauthController do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def token(conn, %{
|
def token(conn, params = %{"code" => code_value, "redirect_uri" => redirect_uri}) do
|
||||||
"code" => code_value,
|
{:ok, client_id, client_secret} = get_client_info(conn, params)
|
||||||
"redirect_uri" => redirect_uri,
|
|
||||||
"client_id" => client_id,
|
|
||||||
"client_secret" => client_secret
|
|
||||||
}) do
|
|
||||||
# Check that code is still valid and redirect uri has not been altered.
|
# Check that code is still valid and redirect uri has not been altered.
|
||||||
%OIDCCode{redirect_uri: ^redirect_uri} = code = SSO.get_oidc_code!(code_value)
|
%OIDCCode{redirect_uri: ^redirect_uri} = code = SSO.get_oidc_code!(code_value)
|
||||||
|
|
||||||
|
@ -112,6 +109,25 @@ defmodule ComfycampWeb.OauthController do
|
||||||
render(conn, :openid_discovery)
|
render(conn, :openid_discovery)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Extract client id and client secret from request parameters or headers.
|
||||||
|
Returns {:ok, "client_id", "client_secret"} on success.
|
||||||
|
"""
|
||||||
|
def get_client_info(_conn, %{"client_id" => client_id, "client_secret" => client_secret}) do
|
||||||
|
{:ok, client_id, client_secret}
|
||||||
|
end
|
||||||
|
|
||||||
|
def get_client_info(conn, _params) do
|
||||||
|
with [header] <- Plug.Conn.get_req_header(conn, "authorization"),
|
||||||
|
"Basic " <> b64 <- header,
|
||||||
|
{:ok, keys} <- Base.decode64(b64),
|
||||||
|
[client_id, client_secret] <- String.split(keys, ":") do
|
||||||
|
{:ok, client_id, client_secret}
|
||||||
|
else
|
||||||
|
_ -> {:error, "Invalid Authorization header"}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
defp build_redirect_uri(redirect_uri, code, state) do
|
defp build_redirect_uri(redirect_uri, code, state) do
|
||||||
parsed_uri = URI.parse(redirect_uri)
|
parsed_uri = URI.parse(redirect_uri)
|
||||||
|
|
||||||
|
|
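Review bot: In `token`, the hard match `{:ok, client_id, client_secret} = get_client_info(conn, params)` raises a MatchError whenever the request carries neither body credentials nor a well-formed Basic header, so a failed client authentication surfaces as a 500 rather than the 401 `invalid_client` error response described in RFC 6749 section 5.2; handling the result with `case` or `with` and rendering that error for `{:error, _}` would close the gap. In the second hunk, `String.split(keys, ":")` rejects any client secret that itself contains a colon, because the split then yields more than two parts and falls into the `else` branch; `String.split(keys, ":", parts: 2)` keeps everything after the first colon as the secret. The body of `token` continues past the end of the first hunk, so how the extracted secret is then verified is not visible here.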