use more future proof config for static clients (#11175)
This commit is contained in:
parent
ce332d0f8b
commit
90e65e8490
5 changed files with 24 additions and 13 deletions
|
@ -201,7 +201,12 @@ export interface IConfigOptions {
|
|||
* The issuer URL must have a trailing `/`.
|
||||
* OPTIONAL
|
||||
*/
|
||||
oidc_static_client_ids?: Record<string, string>;
|
||||
oidc_static_clients?: Record<
|
||||
string,
|
||||
{
|
||||
client_id: string;
|
||||
}
|
||||
>;
|
||||
}
|
||||
|
||||
export interface ISsoRedirectOptions {
|
||||
|
|
|
@ -102,7 +102,7 @@ export default class Login {
|
|||
const oidcFlow = await tryInitOidcNativeFlow(
|
||||
this.delegatedAuthentication,
|
||||
SdkConfig.get().brand,
|
||||
SdkConfig.get().oidc_static_client_ids,
|
||||
SdkConfig.get().oidc_static_clients,
|
||||
);
|
||||
return [oidcFlow];
|
||||
} catch (error) {
|
||||
|
@ -211,9 +211,9 @@ export interface OidcNativeFlow extends ILoginFlow {
|
|||
const tryInitOidcNativeFlow = async (
|
||||
delegatedAuthConfig: ValidatedDelegatedAuthConfig,
|
||||
brand: string,
|
||||
oidcStaticClientIds?: IConfigOptions["oidc_static_client_ids"],
|
||||
oidcStaticClients?: IConfigOptions["oidc_static_clients"],
|
||||
): Promise<OidcNativeFlow> => {
|
||||
const clientId = await getOidcClientId(delegatedAuthConfig, brand, window.location.origin, oidcStaticClientIds);
|
||||
const clientId = await getOidcClientId(delegatedAuthConfig, brand, window.location.origin, oidcStaticClients);
|
||||
|
||||
const flow = {
|
||||
type: "oidcNativeFlow",
|
||||
|
|
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||
import { logger } from "matrix-js-sdk/src/logger";
|
||||
import { registerOidcClient } from "matrix-js-sdk/src/oidc/register";
|
||||
|
||||
import { IConfigOptions } from "../../IConfigOptions";
|
||||
import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
|
||||
|
||||
/**
|
||||
|
@ -25,10 +26,13 @@ import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
|
|||
* @param staticOidcClients static client config from config.json
|
||||
* @returns clientId if found, otherwise undefined
|
||||
*/
|
||||
const getStaticOidcClientId = (issuer: string, staticOidcClients?: Record<string, string>): string | undefined => {
|
||||
const getStaticOidcClientId = (
|
||||
issuer: string,
|
||||
staticOidcClients?: IConfigOptions["oidc_static_clients"],
|
||||
): string | undefined => {
|
||||
// static_oidc_clients are configured with a trailing slash
|
||||
const issuerWithTrailingSlash = issuer.endsWith("/") ? issuer : issuer + "/";
|
||||
return staticOidcClients?.[issuerWithTrailingSlash];
|
||||
return staticOidcClients?.[issuerWithTrailingSlash]?.client_id;
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -46,7 +50,7 @@ export const getOidcClientId = async (
|
|||
delegatedAuthConfig: ValidatedDelegatedAuthConfig,
|
||||
clientName: string,
|
||||
baseUrl: string,
|
||||
staticOidcClients?: Record<string, string>,
|
||||
staticOidcClients?: IConfigOptions["oidc_static_clients"],
|
||||
): Promise<string> => {
|
||||
const staticClientId = getStaticOidcClientId(delegatedAuthConfig.issuer, staticOidcClients);
|
||||
if (staticClientId) {
|
||||
|
|
|
@ -37,7 +37,9 @@ jest.mock("matrix-js-sdk/src/matrix");
|
|||
jest.useRealTimers();
|
||||
|
||||
const oidcStaticClientsConfig = {
|
||||
"https://staticallyregisteredissuer.org/": "static-clientId-123",
|
||||
"https://staticallyregisteredissuer.org/": {
|
||||
client_id: "static-clientId-123",
|
||||
},
|
||||
};
|
||||
|
||||
describe("Login", function () {
|
||||
|
@ -52,7 +54,7 @@ describe("Login", function () {
|
|||
SdkConfig.put({
|
||||
brand: "test-brand",
|
||||
disable_custom_urls: true,
|
||||
oidc_static_client_ids: oidcStaticClientsConfig,
|
||||
oidc_static_clients: oidcStaticClientsConfig,
|
||||
});
|
||||
mockClient.login.mockClear().mockResolvedValue({
|
||||
access_token: "TOKEN",
|
||||
|
|
|
@ -27,7 +27,9 @@ describe("getOidcClientId()", () => {
|
|||
const baseUrl = "https://just.testing";
|
||||
const dynamicClientId = "xyz789";
|
||||
const staticOidcClients = {
|
||||
[issuer]: "abc123",
|
||||
[issuer]: {
|
||||
client_id: "abc123",
|
||||
},
|
||||
};
|
||||
const delegatedAuthConfig = {
|
||||
issuer,
|
||||
|
@ -42,9 +44,7 @@ describe("getOidcClientId()", () => {
|
|||
});
|
||||
|
||||
it("should return static clientId when configured", async () => {
|
||||
expect(await getOidcClientId(delegatedAuthConfig, clientName, baseUrl, staticOidcClients)).toEqual(
|
||||
staticOidcClients[issuer],
|
||||
);
|
||||
expect(await getOidcClientId(delegatedAuthConfig, clientName, baseUrl, staticOidcClients)).toEqual("abc123");
|
||||
// didn't try to register
|
||||
expect(fetchMockJest).toHaveFetchedTimes(0);
|
||||
});
|
||||
|
|
Loading…
Reference in a new issue