Rollback openid connect to use code and nonce

Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
2021-11-09 00:08:01 +01:00 · 2021-11-09 00:08:01 +01:00 · 89baafba2f
parent 4c028bfcb3
commit 89baafba2f
2 changed files with 17 additions and 9 deletions
--- a/front/src/Connexion/LocalUserStore.ts
+++ b/front/src/Connexion/LocalUserStore.ts
@ -165,6 +165,10 @@ class LocalUserStore {
    verifyState(value: string): boolean {
        const oldValue = localStorage.getItem(state);
        if (!oldValue) {
            localStorage.setItem(state, value);
            return true;
        }
        return oldValue === value;
    }
    getState(): string | null {
--- a/pusher/src/Services/OpenIDClient.ts
+++ b/pusher/src/Services/OpenIDClient.ts
@ -23,26 +23,30 @@ class OpenIDClient {
        return this.issuerPromise;
    }
-    public authorizationUrl(playUri?: string, redirect?: string) {
+    public authorizationUrl(state: string, nonce: string, playUri?: string, redirect?: string) {
        return this.initClient().then((client) => {
            return client.authorizationUrl({
                scope: "openid email",
                prompt: "login",
                state: state,
                nonce: nonce,
                playUri: playUri,
                redirect: redirect,
            });
        });
    }
-    public getUserInfo(accessToken: string): Promise<{ email: string; sub: string; access_token: string }> {
+    public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string; access_token: string }> {
        return this.initClient().then((client) => {
-            return client.userinfo(accessToken).then((res) => {
+            return client.callback(OPID_CLIENT_REDIREC_URL, { code }, { nonce }).then((tokenSet) => {
-                return {
+                return client.userinfo(tokenSet).then((res) => {
-                    ...res,
+                    return {
-                    email: res.email as string,
+                        ...res,
-                    sub: res.sub,
+                        email: res.email as string,
-                    access_token: accessToken as string,
+                        sub: res.sub,
-                };
+                        access_token: tokenSet.access_token as string,
                    };
                });
            });
        });
    }