cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix state handling in auth request

Browse source
This commit is contained in:
Livio Amstutz 2020-09-15 08:06:18 +02:00
parent 3c2ad6a53d
commit 2dfdaa2223
2 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pkg/rp/default_rp.go
View file

@ -153,7 +153,11 @@ func (p *DefaultRP) AuthURL(state string, opts ...AuthURLOpt) string {
//AuthURL is the `RelayingParty` interface implementation //AuthURL is the `RelayingParty` interface implementation
//extending the `AuthURL` method with a http redirect handler //extending the `AuthURL` method with a http redirect handler
func (p *DefaultRP) AuthURLHandler(state string) http.HandlerFunc { func (p *DefaultRP) AuthURLHandler(state string) http.HandlerFunc {
return AuthURLHandler(state, p) return AuthURLHandler(
func() string {
return state
}, p,
)
} }
//deprecated: Use CodeExchange func and provide a RelayingParty //deprecated: Use CodeExchange func and provide a RelayingParty

3
pkg/rp/relaying_party.go
View file

@ -230,9 +230,10 @@ func AuthURL(state string, rp RelayingParty, opts ...AuthURLOpt) string {
//AuthURLHandler extends the `AuthURL` method with a http redirect handler //AuthURLHandler extends the `AuthURL` method with a http redirect handler
//including handling setting cookie for secure `state` transfer //including handling setting cookie for secure `state` transfer
func AuthURLHandler(state string, rp RelayingParty) http.HandlerFunc { func AuthURLHandler(stateFn func() string, rp RelayingParty) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
opts := make([]AuthURLOpt, 0) opts := make([]AuthURLOpt, 0)
state := stateFn()
if err := trySetStateCookie(w, state, rp); err != nil { if err := trySetStateCookie(w, state, rp); err != nil {
http.Error(w, "failed to create state cookie: "+err.Error(), http.StatusUnauthorized) http.Error(w, "failed to create state cookie: "+err.Error(), http.StatusUnauthorized)
return return