mirror of
https://github.com/certd/certd.git
synced 2026-07-15 10:17:33 +08:00
chore: format
This commit is contained in:
@@ -4,19 +4,18 @@ import { IconSets } from "../iconsets.js";
|
||||
|
||||
@IsAddon({
|
||||
addonType: "oauth",
|
||||
name: 'oidc',
|
||||
title: 'OIDC认证',
|
||||
desc: 'OpenID Connect 认证,统一认证服务',
|
||||
icon:"simple-icons:fusionauth:#006be6",
|
||||
name: "oidc",
|
||||
title: "OIDC认证",
|
||||
desc: "OpenID Connect 认证,统一认证服务",
|
||||
icon: "simple-icons:fusionauth:#006be6",
|
||||
showTest: false,
|
||||
})
|
||||
export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
|
||||
@AddonInput({
|
||||
title: "自定义图标",
|
||||
component: {
|
||||
name:"fs-icon-selector",
|
||||
vModel:"modelValue",
|
||||
name: "fs-icon-selector",
|
||||
vModel: "modelValue",
|
||||
iconSets: IconSets,
|
||||
},
|
||||
required: false,
|
||||
@@ -49,53 +48,48 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
})
|
||||
issuerUrl = "";
|
||||
|
||||
|
||||
async getClient() {
|
||||
const client = await import('openid-client')
|
||||
let server = new URL(this.issuerUrl)// Authorization Server's Issuer Identifier
|
||||
const client = await import("openid-client");
|
||||
const server = new URL(this.issuerUrl); // Authorization Server's Issuer Identifier
|
||||
|
||||
let config = await client.discovery(
|
||||
server,
|
||||
this.clientId,
|
||||
this.clientSecretKey,
|
||||
)
|
||||
const config = await client.discovery(server, this.clientId, this.clientSecretKey);
|
||||
|
||||
// console.log(config.serverMetadata())
|
||||
|
||||
return {
|
||||
config,
|
||||
client
|
||||
}
|
||||
client,
|
||||
};
|
||||
}
|
||||
|
||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||
const { config, client } = await this.getClient()
|
||||
|
||||
let redirect_uri = new URL(params.redirectUri)
|
||||
let scope = 'openid profile' // Scope of the access request
|
||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||
const { config, client } = await this.getClient();
|
||||
|
||||
const redirect_uri = new URL(params.redirectUri);
|
||||
const scope = "openid profile"; // Scope of the access request
|
||||
/**
|
||||
* PKCE: The following MUST be generated for every redirect to the
|
||||
* authorization_endpoint. You must store the code_verifier and state in the
|
||||
* end-user session such that it can be recovered as the user gets redirected
|
||||
* from the authorization server back to your application.
|
||||
*/
|
||||
let code_verifier = client.randomPKCECodeVerifier()
|
||||
let code_challenge = await client.calculatePKCECodeChallenge(code_verifier)
|
||||
let state:any = {
|
||||
forType: params.forType || 'login',
|
||||
}
|
||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
||||
const code_verifier = client.randomPKCECodeVerifier();
|
||||
const code_challenge = await client.calculatePKCECodeChallenge(code_verifier);
|
||||
let state: any = {
|
||||
forType: params.forType || "login",
|
||||
};
|
||||
state = this.ctx.utils.hash.base64(JSON.stringify(state));
|
||||
|
||||
let parameters: any = {
|
||||
const parameters: any = {
|
||||
redirect_uri,
|
||||
scope,
|
||||
code_challenge,
|
||||
code_challenge_method: 'S256',
|
||||
code_challenge_method: "S256",
|
||||
state,
|
||||
nonce: client.randomNonce(),
|
||||
}
|
||||
};
|
||||
|
||||
let redirectTo = client.buildAuthorizationUrl(config, parameters)
|
||||
const redirectTo = client.buildAuthorizationUrl(config, parameters);
|
||||
return {
|
||||
loginUrl: redirectTo.href,
|
||||
ticketValue: {
|
||||
@@ -107,22 +101,17 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
}
|
||||
|
||||
async onCallback(req: OnCallbackReq) {
|
||||
const { config, client } = await this.getClient()
|
||||
const { config, client } = await this.getClient();
|
||||
|
||||
|
||||
let tokens: any = await client.authorizationCodeGrant(
|
||||
config,
|
||||
req.currentURL,
|
||||
{
|
||||
expectedState: req.ticketValue.state,
|
||||
pkceCodeVerifier: req.ticketValue.codeVerifier,
|
||||
expectedNonce: req.ticketValue.nonce,
|
||||
}
|
||||
)
|
||||
const tokens: any = await client.authorizationCodeGrant(config, req.currentURL, {
|
||||
expectedState: req.ticketValue.state,
|
||||
pkceCodeVerifier: req.ticketValue.codeVerifier,
|
||||
expectedNonce: req.ticketValue.nonce,
|
||||
});
|
||||
|
||||
const claims = tokens.claims()
|
||||
const claims = tokens.claims();
|
||||
return {
|
||||
token:{
|
||||
token: {
|
||||
accessToken: tokens.access_token,
|
||||
refreshToken: tokens.refresh_token,
|
||||
expiresIn: tokens.expires_in,
|
||||
@@ -133,18 +122,18 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
avatar: claims.picture,
|
||||
email: claims.email || "",
|
||||
},
|
||||
}
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
async buildLogoutUrl(params: BuildLogoutUrlReq) {
|
||||
try{
|
||||
const { config } = await this.getClient()
|
||||
let logoutUrl = config.serverMetadata().end_session_endpoint
|
||||
try {
|
||||
const { config } = await this.getClient();
|
||||
const logoutUrl = config.serverMetadata().end_session_endpoint;
|
||||
return {
|
||||
logoutUrl: logoutUrl,
|
||||
};
|
||||
}catch(err){
|
||||
this.logger.error(`获取注销地址失败: ${err}`)
|
||||
} catch (err) {
|
||||
this.logger.error(`获取注销地址失败: ${err}`);
|
||||
return {
|
||||
logoutUrl: "",
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user