From 7aef4355b082025c9aa231be4033eaca3c1e2244 Mon Sep 17 00:00:00 2001
From: caryxychen <101852328+caryxychen@users.noreply.github.com>
Date: Fri, 13 May 2022 14:13:14 +0800
Subject: [PATCH] fix(auth): fix auth redirect bug (#1925)

* fix(auth): authz bug fix

* fix(auth): fix auth redirect bug

Co-authored-by: caryxychen <caryxychen@tencent.com>
---
 pkg/gateway/auth/login.go  | 6 +++++-
 pkg/gateway/token/token.go | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkg/gateway/auth/login.go b/pkg/gateway/auth/login.go
index f08abdfd7..25a1338e8 100644
--- a/pkg/gateway/auth/login.go
+++ b/pkg/gateway/auth/login.go
@@ -30,7 +30,11 @@ const RedirectURIKey = "redirect_uri"
 
 // RedirectLogin to redirect the http request to login page.
 func RedirectLogin(w http.ResponseWriter, r *http.Request, oauthConfig *oauth2.Config, disableOIDCProxy bool) {
-	oauthURL := oauthConfig.AuthCodeURL(r.URL.String(), oauth2.AccessTypeOffline)
+	state := r.URL.String()
+	if state == "" || state == "/" {
+		state = "/tkestack"
+	}
+	oauthURL := oauthConfig.AuthCodeURL(state, oauth2.AccessTypeOffline)
 	if !disableOIDCProxy {
 		originOAuthURL, err := url.Parse(oauthURL)
 		if err != nil {
diff --git a/pkg/gateway/token/token.go b/pkg/gateway/token/token.go
index ad0a9f7f7..23d195805 100644
--- a/pkg/gateway/token/token.go
+++ b/pkg/gateway/token/token.go
@@ -68,7 +68,7 @@ func RetrieveToken(request *http.Request) (*Token, error) {
 // OAuth2 token.
 func ResponseToken(t *oauth2.Token, writer http.ResponseWriter) error {
 	idToken, ok := t.Extra("id_token").(string)
-	if !ok {
+	if !ok || idToken == "" {
 		log.Error("Failed to extra oauth2 token to id token", log.Any("token", t))
 		return fmt.Errorf("failed to extra oauth2 token to id token")
 	}