

oidc: include response_type for client.callback() (#1233)
* imposes stricter checks on params
* recommended at https://github.com/panva/openid-client/tree/v5.4.3/docs#clientcallbackredirecturi-parameters-checks-extras
* makes /callback fail faster if `code_verifier` cookie is missing & code is missing from callback params
alxndrsn authored Nov 27, 2024
1 parent 13b29c1 commit 57c4da5
Showing 2 changed files with 4 additions and 1 deletion.
4 changes: 3 additions & 1 deletion lib/resources/oidc.js
Expand Up @@ -22,6 +22,7 @@ const { redirect } = require('../util/http');
const { createUserSession } = require('../http/sessions');
const { // eslint-disable-line object-curly-newline
CODE_CHALLENGE_METHOD,
RESPONSE_TYPE,
SCOPES,
getClient,
getRedirectUri,
Expand Down Expand Up @@ -137,7 +138,8 @@ module.exports = (service, endpoint) => {
const client = await getClient();

const params = client.callbackParams(req);
const tokenSet = await client.callback(getRedirectUri(), params, { code_verifier });

const tokenSet = await client.callback(getRedirectUri(), params, { response_type: RESPONSE_TYPE, code_verifier });

const { access_token } = tokenSet;

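Review bot: The checks object on the new `client.callback` line binds the callback to the browser session only through `code_verifier` (now alongside `response_type`); no `state` entry is passed, so openid-client's state comparison is never exercised on this path. Whether the authorization request sends `state` is decided outside this hunk, but if it does not, an unguessable, per-login-attempt `code_verifier` cookie is the sole defence against a callback being replayed into a different session, and that dependence should be recorded on this line, e.g. `// checks: response_type makes a missing "code" fail before the token request; code_verifier (PKCE) is the only binding to the initiating session, no state is used`. The origin of `code_verifier` and the value of `RESPONSE_TYPE` are both outside the hunk, so from the visible lines I cannot confirm the description's claim that a missing cookie fails before the token exchange rather than at the provider's token endpoint. The enclosing handler starts and ends outside the hunk.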
1 change: 1 addition & 0 deletions lib/util/oidc.js
Expand Up @@ -25,6 +25,7 @@ const TOKEN_ENDPOINT_AUTH_METHOD = 'client_secret_basic';

module.exports = {
CODE_CHALLENGE_METHOD,
RESPONSE_TYPE,
SCOPES,
getClient,
getRedirectUri,
