fix(oidc): use wellknown authorization endpoint

pull/2792/head
Jakob Ankarhem 2 years ago
parent 3dfc67a32b
commit 5886f83bed
No known key found for this signature in database
GPG Key ID: 149CBB661002B3BE

@ -11,7 +11,7 @@ import { Router } from 'express';
import { import {
createJwtSchema, createJwtSchema,
getOIDCRedirectUrl, getOIDCRedirectUrl,
type WellKnownConfiguration, getOIDCWellknownConfiguration,
} from '@server/utils/oidc'; } from '@server/utils/oidc';
import { randomBytes } from 'crypto'; import { randomBytes } from 'crypto';
import gravatarUrl from 'gravatar-url'; import gravatarUrl from 'gravatar-url';
@ -416,7 +416,7 @@ authRoutes.post('/reset-password/:guid', async (req, res, next) => {
authRoutes.get('/oidc-login', async (req, res, next) => { authRoutes.get('/oidc-login', async (req, res, next) => {
const state = randomBytes(32).toString('hex'); const state = randomBytes(32).toString('hex');
const redirectUrl = getOIDCRedirectUrl(req, state); const redirectUrl = await getOIDCRedirectUrl(req, state);
res.cookie('oidc-state', state, { res.cookie('oidc-state', state, {
maxAge: 60000, maxAge: 60000,
@ -462,16 +462,7 @@ authRoutes.get('/oidc-callback', async (req, res, next) => {
return res.redirect('/login'); return res.redirect('/login');
} }
// Fetch the oidc configuration blob const wellKnownInfo = await getOIDCWellknownConfiguration(oidcDomain);
const wellKnownInfo: WellKnownConfiguration = await fetch(
new URL(
'/.well-known/openid-configuration',
`https://${oidcDomain}`
).toString(),
{
headers: new Headers([['Content-Type', 'application/json']]),
}
).then((r) => r.json());
// Fetch the token data // Fetch the token data
const callbackUrl = new URL( const callbackUrl = new URL(
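Review bot: The `/oidc-login` handler now awaits a network round-trip to the IdP (`const redirectUrl = await getOIDCRedirectUrl(req, state);`) before it can respond, and neither hunk shows a try/catch around that await or around `await getOIDCWellknownConfiguration(oidcDomain)` in the callback; under Express 4 a rejected promise in an `async (req, res, next)` handler is not forwarded to `next`, so an unreachable or misbehaving IdP would leave the request hanging and surface as an unhandled rejection instead of a controlled error. This is new exposure for `/oidc-login`, which was fully synchronous before this change; the callback already awaited a fetch, so there the point is pre-existing. If the surrounding handler bodies (both continue outside the hunks) do not already catch, route failures to the error middleware, e.g. `let redirectUrl: string; try { redirectUrl = await getOIDCRedirectUrl(req, state); } catch (e: unknown) { return next(e); }`, and do the same in the callback. Logging the configured `oidcDomain` and the HTTP status on that path, rather than the response body, gives operators enough to triage an IdP outage or misconfiguration. If the project runs Express 5 or an async-handler wrapper, the forwarding concern does not apply and only the logging point remains.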

@ -2,12 +2,27 @@ import { getSettings } from '@server/lib/settings';
import type { Request } from 'express'; import type { Request } from 'express';
import * as yup from 'yup'; import * as yup from 'yup';
export function getOIDCRedirectUrl(req: Request, state: string) { /** Fetch the oidc configuration blob */
export async function getOIDCWellknownConfiguration(domain: string) {
const wellKnownInfo: WellKnownConfiguration = await fetch(
new URL(
'/.well-known/openid-configuration',
`https://${domain}`
).toString(),
{
headers: new Headers([['Content-Type', 'application/json']]),
}
).then((r) => r.json());
return wellKnownInfo;
}
export async function getOIDCRedirectUrl(req: Request, state: string) {
const settings = getSettings(); const settings = getSettings();
const { oidcDomain, oidcClientId } = settings.main; const { oidcDomain, oidcClientId } = settings.main;
const url = new URL(`https://${oidcDomain}`); const wellKnownInfo = await getOIDCWellknownConfiguration(oidcDomain);
url.pathname = '/authorize'; const url = new URL(wellKnownInfo.authorization_endpoint);
url.searchParams.set('response_type', 'code'); url.searchParams.set('response_type', 'code');
url.searchParams.set('client_id', oidcClientId); url.searchParams.set('client_id', oidcClientId);
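Review bot: `getOIDCWellknownConfiguration` never checks `r.ok` and assigns the parsed body straight into a `WellKnownConfiguration`, so an IdP error page or a mistyped `oidcDomain` yields `authorization_endpoint: undefined`, and `new URL(wellKnownInfo.authorization_endpoint)` in `getOIDCRedirectUrl` then throws a bare TypeError far from the cause; worse, any value the discovery document does contain becomes the browser's redirect target without a scheme check. The file already imports `yup`, so the response can be validated the way `createJwtSchema` validates tokens: reject non-2xx responses and require `authorization_endpoint` to be an `https` URL, extending the schema to whatever other endpoints the callback reads from `wellKnownInfo` (that code is outside the hunk). The `Content-Type` header on a GET request states nothing about the request; `Accept: application/json` is the header that expresses the intent. The document is also re-fetched on every `/oidc-login` and `/oidc-callback`; caching it per domain with a TTL would avoid the extra IdP round-trip on each login and is worth a follow-up. `getOIDCRedirectUrl`'s body continues outside the hunk.

```typescript
// Only https endpoints are acceptable redirect/token targets. Extend with the
// other endpoints the callback reads (token_endpoint, ...) so they get the same check.
const wellKnownSchema = yup.object({
  authorization_endpoint: yup.string().url().matches(/^https:\/\//).required(),
});

/** Fetch the oidc configuration blob */
export async function getOIDCWellknownConfiguration(domain: string) {
  const response = await fetch(
    new URL('/.well-known/openid-configuration', `https://${domain}`).toString(),
    { headers: new Headers([['Accept', 'application/json']]) }
  );
  if (!response.ok) {
    throw new Error(`OIDC discovery failed for ${domain}: HTTP ${response.status}`);
  }
  const body: unknown = await response.json();
  // Fail here, with context, rather than inside new URL() downstream.
  await wellKnownSchema.validate(body);
  // Validated above for the fields this module uses; other fields are whatever the IdP sent.
  return body as WellKnownConfiguration;
}
```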
