Merge pull request #15 from nipunsampath/login-loop-with-pkce-disable…

…d-fix Fixing login request loop when PKCE is mandatory on Asgardeo console but disabled on the SDK
asgardeo · Jul 14, 2022 · 24e0589 · 24e0589
2 parents 354a980 + a5d4681
commit 24e0589
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/lib/src/client.ts b/lib/src/client.ts
@@ -35,6 +35,7 @@ import { Logger } from "./utils/logger-util";
 import express from "express";
 import { v4 as uuidv4 } from "uuid";
 import { asgardeoExpressAuth, protectRoute } from "./middleware";
+import { ExpressUtils } from "./utils/express-utils";
 
 export class AsgardeoExpressClient {
     private _authClient: AsgardeoNodeClient<AuthClientConfig>;
@@ -93,6 +94,17 @@ export class AsgardeoExpressClient {
         next: express.nextFunction,
         signInConfig?: Record<string, string | boolean>
     ): Promise<TokenResponse> {
+
+        if (ExpressUtils.hasErrorInURL(req.originalUrl)) {
+            return Promise.reject(
+                new AsgardeoAuthException(
+                    "EXPRESS-CLIENT-SI-IV01",
+                    "Invalid login request URL",
+                    "Login request contains an error query parameter in the URL"
+                )
+            )
+        }
+
         //Check if the user has a valid user ID and if not create one
         let userID = req.cookies.ASGARDEO_SESSION_ID;
         if (!userID) {

diff --git a/lib/src/utils/express-utils.ts b/lib/src/utils/express-utils.ts
@@ -0,0 +1,15 @@
+export class ExpressUtils {
+
+    /**
+     * Util function to check if the URL contains an error.
+     *
+     * @param url - URL to be checked.
+     *
+     * @returns {boolean} - True if the URL contains an error.
+     */
+    public static hasErrorInURL(url: string): boolean {
+        const AUTH_CODE_REGEXP: RegExp = /[?&]error=[^&]+/;
+
+        return AUTH_CODE_REGEXP.test(url);
+    }
+}