Fix element-desktop-ssoid being
included in OIDC Authorization call (#12495)
* Fix `element-desktop-ssoid` being included in OIDC Authorization call Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Split out oidc callback url into its own method Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix unexpected hash on oidc callback url Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Update src/BasePlatform.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
parent
ed7a21a63c
commit
cc6958980b
5 changed files with 17 additions and 6 deletions
|
@ -315,7 +315,7 @@ export default abstract class BasePlatform {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The URL to return to after a successful SSO/OIDC authentication
|
* The URL to return to after a successful SSO authentication
|
||||||
* @param fragmentAfterLogin optional fragment for specific view to return to
|
* @param fragmentAfterLogin optional fragment for specific view to return to
|
||||||
*/
|
*/
|
||||||
public getSSOCallbackUrl(fragmentAfterLogin = ""): URL {
|
public getSSOCallbackUrl(fragmentAfterLogin = ""): URL {
|
||||||
|
@ -438,7 +438,7 @@ export default abstract class BasePlatform {
|
||||||
return {
|
return {
|
||||||
clientName: config.brand,
|
clientName: config.brand,
|
||||||
clientUri: this.baseUrl,
|
clientUri: this.baseUrl,
|
||||||
redirectUris: [this.getSSOCallbackUrl().href],
|
redirectUris: [this.getOidcCallbackUrl().href],
|
||||||
logoUri: new URL("vector-icons/1024.png", this.baseUrl).href,
|
logoUri: new URL("vector-icons/1024.png", this.baseUrl).href,
|
||||||
applicationType: "web",
|
applicationType: "web",
|
||||||
// XXX: We break the spec by not consistently supplying these required fields
|
// XXX: We break the spec by not consistently supplying these required fields
|
||||||
|
@ -457,4 +457,15 @@ export default abstract class BasePlatform {
|
||||||
public getOidcClientState(): string {
|
public getOidcClientState(): string {
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The URL to return to after a successful OIDC authentication
|
||||||
|
*/
|
||||||
|
public getOidcCallbackUrl(): URL {
|
||||||
|
const url = new URL(window.location.href);
|
||||||
|
// The redirect URL has to exactly match that registered at the OIDC server, so
|
||||||
|
// ensure that the fragment part of the URL is empty.
|
||||||
|
url.hash = "";
|
||||||
|
return url;
|
||||||
|
}
|
||||||
}
|
}
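Review bot: `getOidcCallbackUrl()` clears only `url.hash`, so the path and query string of `window.location.href` still end up in the redirect URI, although the added comment says the value must exactly match the one registered at the OIDC server. If the app is ever loaded with query parameters, the URI could differ between client registration, the authorization request and the token refresher (the call sites changed in the other hunks of this commit), and those parameters would be forwarded to the provider; whether something upstream strips them is not visible here. If no query parameter is meant to be part of the registered URI, also reset it with `url.search = "";`, otherwise state in the doc comment which parts of the current location are intentionally kept. None of the five changed files appears to add a test that pins the hash-stripping behaviour, since the only test hunk just renames the mocked method.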
|
||||||
|
|
|
@ -720,7 +720,7 @@ async function createOidcTokenRefresher(credentials: IMatrixClientCreds): Promis
|
||||||
try {
|
try {
|
||||||
const clientId = getStoredOidcClientId();
|
const clientId = getStoredOidcClientId();
|
||||||
const idTokenClaims = getStoredOidcIdTokenClaims();
|
const idTokenClaims = getStoredOidcIdTokenClaims();
|
||||||
const redirectUri = PlatformPeg.get()!.getSSOCallbackUrl().href;
|
const redirectUri = PlatformPeg.get()!.getOidcCallbackUrl().href;
|
||||||
const deviceId = credentials.deviceId;
|
const deviceId = credentials.deviceId;
|
||||||
if (!deviceId) {
|
if (!deviceId) {
|
||||||
throw new Error("Expected deviceId in user credentials.");
|
throw new Error("Expected deviceId in user credentials.");
|
||||||
|
|
|
@ -169,7 +169,7 @@ export class OidcClientStore {
|
||||||
...metadata,
|
...metadata,
|
||||||
authority: metadata.issuer,
|
authority: metadata.issuer,
|
||||||
signingKeys,
|
signingKeys,
|
||||||
redirect_uri: PlatformPeg.get()!.getSSOCallbackUrl().href,
|
redirect_uri: PlatformPeg.get()!.getOidcCallbackUrl().href,
|
||||||
client_id: clientId,
|
client_id: clientId,
|
||||||
});
|
});
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
|
|
|
@ -40,7 +40,7 @@ export const startOidcLogin = async (
|
||||||
identityServerUrl?: string,
|
identityServerUrl?: string,
|
||||||
isRegistration?: boolean,
|
isRegistration?: boolean,
|
||||||
): Promise<void> => {
|
): Promise<void> => {
|
||||||
const redirectUri = PlatformPeg.get()!.getSSOCallbackUrl().href;
|
const redirectUri = PlatformPeg.get()!.getOidcCallbackUrl().href;
|
||||||
|
|
||||||
const nonce = randomString(10);
|
const nonce = randomString(10);
|
||||||
|
|
||||||
|
|
|
@ -44,7 +44,7 @@ describe("getOidcClientId()", () => {
|
||||||
return baseUrl;
|
return baseUrl;
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
Object.defineProperty(PlatformPeg.get(), "getSSOCallbackUrl", {
|
Object.defineProperty(PlatformPeg.get(), "getOidcCallbackUrl", {
|
||||||
value: () => ({
|
value: () => ({
|
||||||
href: baseUrl,
|
href: baseUrl,
|
||||||
}),
|
}),
|
||||||
|
|