nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add nonce to auth code flow

Browse source
This commit is contained in:
theworldbright 2015-08-07 21:32:48 +09:00
parent bb8fe6aa83
commit 724f32604b
4 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/models/api/openid_connect/authorization.rb
View file

@ -38,7 +38,7 @@ module Api
# TODO: Add support for request object # TODO: Add support for request object
end end
def create_id_token(nonce=nil) def create_id_token
id_tokens.create!(nonce: nonce) id_tokens.create!(nonce: nonce)
end end

1
db/migrate/20150708153926_create_authorizations.rb
View file

@ -6,6 +6,7 @@ class CreateAuthorizations < ActiveRecord::Migration
t.string :refresh_token t.string :refresh_token
t.string :code t.string :code
t.string :redirect_uri t.string :redirect_uri
t.string :nonce
t.timestamps null: false t.timestamps null: false
end end

1
db/schema.rb
View file

@ -69,6 +69,7 @@ ActiveRecord::Schema.define(version: 20150801074555) do
t.string "refresh_token", limit: 255 t.string "refresh_token", limit: 255
t.string "code", limit: 255 t.string "code", limit: 255
t.string "redirect_uri", limit: 255 t.string "redirect_uri", limit: 255
t.string "nonce", limit: 255
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
end end

7
lib/api/openid_connect/authorization_point/endpoint_confirmation_point.rb
View file

@ -23,6 +23,7 @@ module Api
def approved!(req, res) def approved!(req, res)
auth = OpenidConnect::Authorization.find_or_create_by( auth = OpenidConnect::Authorization.find_or_create_by(
o_auth_application: @o_auth_application, user: @user, redirect_uri: @redirect_uri) o_auth_application: @o_auth_application, user: @user, redirect_uri: @redirect_uri)
auth.nonce = req.nonce
auth.scopes << @scopes auth.scopes << @scopes
handle_approved_response_type(auth, req, res) handle_approved_response_type(auth, req, res)
res.approve! res.approve!
@ -32,7 +33,7 @@ module Api
response_types = Array(req.response_type) response_types = Array(req.response_type)
handle_approved_auth_code(auth, res, response_types) handle_approved_auth_code(auth, res, response_types)
handle_approved_access_token(auth, res, response_types) handle_approved_access_token(auth, res, response_types)
handle_approved_id_token(auth, req, res, response_types) handle_approved_id_token(auth, res, response_types)
end end
def handle_approved_auth_code(auth, res, response_types) def handle_approved_auth_code(auth, res, response_types)
@ -45,9 +46,9 @@ module Api
res.access_token = auth.create_access_token res.access_token = auth.create_access_token
end end
def handle_approved_id_token(auth, req, res, response_types) def handle_approved_id_token(auth, res, response_types)
return unless response_types.include?(:id_token) return unless response_types.include?(:id_token)
id_token = auth.create_id_token(req.nonce) id_token = auth.create_id_token
auth_code_value = res.respond_to?(:code) ? res.code : nil auth_code_value = res.respond_to?(:code) ? res.code : nil
access_token_value = res.respond_to?(:access_token) ? res.access_token : nil access_token_value = res.respond_to?(:access_token) ? res.access_token : nil
res.id_token = id_token.to_jwt(code: auth_code_value, access_token: access_token_value) res.id_token = id_token.to_jwt(code: auth_code_value, access_token: access_token_value)