fix: oidc 支持nonce

This commit is contained in:
xiaojunnuo
2025-12-03 22:00:35 +08:00
parent 2ea3810980
commit a5ca41131b


@@ -90,24 +90,16 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
code_challenge,
code_challenge_method: 'S256',
state,
nonce: client.randomNonce(),
}
// if (!config.serverMetadata().supportsPKCE()) {
// /**
// * We cannot be sure the server supports PKCE so we're going to use state too.
// * Use of PKCE is backwards compatible even if the AS doesn't support it which
// * is why we're using it regardless. Like PKCE, random state must be generated
// * for every redirect to the authorization_endpoint.
// */
// parameters.state = client.randomState()
// }
let redirectTo = client.buildAuthorizationUrl(config, parameters)
return {
loginUrl: redirectTo.href,
ticketValue: {
codeVerifier: code_verifier,
state,
nonce: parameters.nonce,
},
};
}
@@ -120,8 +112,9 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
config,
req.currentURL,
{
expectedState: client.skipStateCheck ,
expectedState: req.ticketValue.state,
pkceCodeVerifier: req.ticketValue.codeVerifier,
expectedNonce: req.ticketValue.nonce,
}
)
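Review bot: `req.ticketValue.state`, `req.ticketValue.codeVerifier` and `req.ticketValue.nonce` in the second hunk are dereferenced with no check that a ticket was actually found, so a missing or expired ticket surfaces as a TypeError out of this call instead of a controlled rejection, and a ticket issued before this deploy carries no `nonce` at all, which hands `expectedNonce: undefined` to `authorizationCodeGrant` — I have not verified how the library treats that combination, but a login that was started with a nonce should never be accepted without that claim being compared. I would guard before the call: `const ticket = req.ticketValue; if (!ticket?.state || !ticket.codeVerifier || !ticket.nonce) throw new Error('oidc login ticket missing or expired');`. The state/nonce/verifier trio is only as strong as the store behind `req.ticketValue`: it should be bound to the browser session that began the login and invalidated once this callback consumes it, otherwise a captured callback URL can be replayed against the same ticket; that store is outside this hunk, so it is worth confirming. The `client.authorizationCodeGrant(...)` call and its enclosing method start before the hunk and the method continues after the closing `)`.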