fix(auth): fix auth redirect bug (#1925)

* fix(auth): authz bug fix * fix(auth): fix auth redirect bug Co-authored-by: caryxychen <caryxychen@tencent.com>
tkestack · May 13, 2022 · 7aef435 · 7aef435
1 parent ea76e00
commit 7aef435
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/pkg/gateway/auth/login.go b/pkg/gateway/auth/login.go
@@ -30,7 +30,11 @@ const RedirectURIKey = "redirect_uri"
 
 // RedirectLogin to redirect the http request to login page.
 func RedirectLogin(w http.ResponseWriter, r *http.Request, oauthConfig *oauth2.Config, disableOIDCProxy bool) {
-	oauthURL := oauthConfig.AuthCodeURL(r.URL.String(), oauth2.AccessTypeOffline)
+	state := r.URL.String()
+	if state == "" || state == "/" {
+		state = "/tkestack"
+	}
+	oauthURL := oauthConfig.AuthCodeURL(state, oauth2.AccessTypeOffline)
 	if !disableOIDCProxy {
 		originOAuthURL, err := url.Parse(oauthURL)
 		if err != nil {

diff --git a/pkg/gateway/token/token.go b/pkg/gateway/token/token.go
@@ -68,7 +68,7 @@ func RetrieveToken(request *http.Request) (*Token, error) {
 // OAuth2 token.
 func ResponseToken(t *oauth2.Token, writer http.ResponseWriter) error {
 	idToken, ok := t.Extra("id_token").(string)
-	if !ok {
+	if !ok || idToken == "" {
 		log.Error("Failed to extra oauth2 token to id token", log.Any("token", t))
 		return fmt.Errorf("failed to extra oauth2 token to id token")
 	}