versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-03-13 22:09:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(api): 🛂 Rewrite OpenID auth code to use state for data instead of query parameters

Browse source
This commit is contained in:
Jesse Wierzbinski 2025-12-10 20:59:08 +01:00
parent 5436be0578
commit a951a08073
No known key found for this signature in database
6 changed files with 51 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

25
packages/api/routes/api/v1/sso/index.ts
View file

@ -5,6 +5,7 @@ import { apiRoute, auth, handleZodError } from "@versia-server/kit/api";
import { Client, db } from "@versia-server/kit/db";
import { OpenIdLoginFlows } from "@versia-server/kit/tables";
import { randomUUIDv7 } from "bun";
import { sign } from "hono/jwt";
import { describeRoute, resolver, validator } from "hono-openapi";
import * as client from "openid-client";
import { z } from "zod";
@ -114,10 +115,6 @@ export default apiRoute((app) => {
code_challenge_method: "S256",
};
if (!oidcConfig.serverMetadata().supportsPKCE()) {
parameters.state = client.randomState();
}
const redirectUri = oauthRedirectUri(
context.get("config").http.base_url,
issuerId,
@ -149,14 +146,24 @@ export default apiRoute((app) => {
.returning()
)[0];
const jwt = await sign(
{
flow: newFlow.id,
link: "true",
user_id: user.id,
exp: Math.floor(Date.now() / 1000) + 300, // 5 minutes expiration
iss: config.http.base_url.toString(),
iat: Math.floor(Date.now() / 1000),
},
config.authentication.key,
);
parameters.state = jwt;
parameters.redirect_uri = `${oauthRedirectUri(
config.http.base_url,
issuerId,
)}?${new URLSearchParams({
flow: newFlow.id,
link: "true",
user_id: user.id,
})}`;
)}`;
const redirectTo = client.buildAuthorizationUrl(
oidcConfig,