Commit
Ballinette
committed
Oct 12, 2019
1 parent
d6a1277
commit 2b6bc99
Showing
3 changed files
with
63 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
module.exports = { | ||
issuer: `${process.env.ISSUER || 'http://localhost:4000'}`, | ||
clients: [ | ||
{ | ||
client_id: '09a1a257648c1742c74d6a3d84b31943', | ||
client_secret: '7ae4fef2aab63fb78d777fe657b7536f', | ||
redirect_uri: 'http://localhost:3000/login-callback', | ||
redirect_logout_uri: 'http://localhost:3000/logout-callback', | ||
}, | ||
], | ||
}; |
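Review bot: The `client_secret` on new line 6 is a literal committed to the repository, so every clone and fork carries the credential and rotating it means a code change. `issuer` on line 2 already falls back from `process.env`, and the secret can follow the same pattern without a default, e.g. `client_secret: process.env.CLIENT_SECRET,` (variable name is a suggestion), with startup failing when it is unset. If these values are only sample credentials for a local mock provider, say so at the top of the file with a comment such as `// DEV ONLY: sample client credentials for localhost, never reuse in a deployed environment`, so they are not copied into a real configuration.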
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
const config = require('../config'); | ||
|
||
// local helper | ||
const findClient = client_id => config.clients.find(item => item.client_id === client_id); | ||
|
||
const userAuthorize = (req, res) => { | ||
// check the required parameters | ||
for (const field of ['scope', 'response_type', 'client_id', 'redirect_uri']) { | ||
if (!req.query[field]) { | ||
console.error(`missing "${field}" parameter`); | ||
return res.sendStatus(400); | ||
} | ||
} | ||
if (! req.query.scope.includes('openid')) { | ||
console.error('missing "openid" scope'); | ||
return res.sendStatus(400); | ||
} | ||
if (req.query.response_type !== 'code') { | ||
console.error('only Authorization Code supported: response_type MUST be equal to "code"'); | ||
return res.sendStatus(400); | ||
} | ||
|
||
// check client config: | ||
const client = findClient(req.query.client_id); | ||
if (! client) { | ||
console.error('Client ID not found'); | ||
return res.sendStatus(400); | ||
} | ||
if (client.redirect_uri !== req.query.redirect_uri) { | ||
console.error('Mismatch redirect_uri'); | ||
return res.sendStatus(400); | ||
} | ||
|
||
// store input request parameters into session to be used after authentification | ||
req.session.oidc_query = req.query; | ||
|
||
// redirect to login form | ||
return res.redirect('/login'); | ||
}; | ||
|
||
module.exports = { | ||
userAuthorize, | ||
} |
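Review bot: The parameter checks in `userAuthorize` only test truthiness, and the `scope` test uses `includes` on the raw value, which is a substring match, so a scope such as `notopenid` is accepted. If this runs on Express with its default query parser (the hunk does not show the app setup), a parameter can also arrive as an array or object, and an object-valued `scope` makes `.includes` throw, turning a bad request into a 500. Require each of the four parameters to be a non-empty string and check `openid` as a whole token of the space-separated list. Separately, `req.session.oidc_query = req.query` keeps every parameter the caller sent, so storing only the fields the later steps need would limit what unvalidated input reaches the post-login handlers.

```javascript
const userAuthorize = (req, res) => {
  // every required parameter must be a single, non-empty string
  for (const field of ['scope', 'response_type', 'client_id', 'redirect_uri']) {
    const value = req.query[field];
    if (typeof value !== 'string' || value === '') {
      console.error(`missing or malformed "${field}" parameter`);
      return res.sendStatus(400);
    }
  }
  // scope is a space-separated list: match the whole token, not a substring
  if (!req.query.scope.split(' ').includes('openid')) {
    console.error('missing "openid" scope');
    return res.sendStatus(400);
  }
  // … unchanged: response_type check, client lookup, redirect_uri comparison, session write, redirect …
```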