Fix element-desktop-ssoid being
included in OIDC Authorization call (#12495)
* Fix `element-desktop-ssoid` being included in OIDC Authorization call Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Split out oidc callback url into its own method Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix unexpected hash on oidc callback url Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Update src/BasePlatform.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
This commit is contained in:
parent
ed7a21a63c
commit
cc6958980b
5 changed files with 17 additions and 6 deletions
|
@ -315,7 +315,7 @@ export default abstract class BasePlatform {
|
|||
}
|
||||
|
||||
/**
|
||||
* The URL to return to after a successful SSO/OIDC authentication
|
||||
* The URL to return to after a successful SSO authentication
|
||||
* @param fragmentAfterLogin optional fragment for specific view to return to
|
||||
*/
|
||||
public getSSOCallbackUrl(fragmentAfterLogin = ""): URL {
|
||||
|
@ -438,7 +438,7 @@ export default abstract class BasePlatform {
|
|||
return {
|
||||
clientName: config.brand,
|
||||
clientUri: this.baseUrl,
|
||||
redirectUris: [this.getSSOCallbackUrl().href],
|
||||
redirectUris: [this.getOidcCallbackUrl().href],
|
||||
logoUri: new URL("vector-icons/1024.png", this.baseUrl).href,
|
||||
applicationType: "web",
|
||||
// XXX: We break the spec by not consistently supplying these required fields
|
||||
|
@ -457,4 +457,15 @@ export default abstract class BasePlatform {
|
|||
public getOidcClientState(): string {
|
||||
return "";
|
||||
}
|
||||
|
||||
/**
|
||||
* The URL to return to after a successful OIDC authentication
|
||||
*/
|
||||
public getOidcCallbackUrl(): URL {
|
||||
const url = new URL(window.location.href);
|
||||
// The redirect URL has to exactly match that registered at the OIDC server, so
|
||||
// ensure that the fragment part of the URL is empty.
|
||||
url.hash = "";
|
||||
return url;
|
||||
}
|
||||
}
|
||||
|
|
|
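Review bot: `getOidcCallbackUrl()` in the third hunk clears only `url.hash`, so any query string present on `window.location.href` is still carried into the redirect URI, even though the comment directly above says the value has to exactly match what was registered at the OIDC server (the method is complete here, but the enclosing class opens outside the hunk). Because this one method supplies `redirectUris` at client registration in the second hunk and `redirect_uri`/`redirectUri` at login and token refresh in the four other sections, a page loaded with different query parameters between those moments would yield a mismatched redirect URI, and whatever sits in the address bar is handed to the authorization server as part of it. If the app is never loaded with query parameters this is moot, but the intent is easier to hold with `url.search = "";` next to `url.hash = "";` and the comment extended to `// ensure that the query and fragment parts of the URL are empty.` If the query string must be preserved, the TSDoc should state that and the reason, so a later reader does not take it for an oversight.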
@ -720,7 +720,7 @@ async function createOidcTokenRefresher(credentials: IMatrixClientCreds): Promis
|
|||
try {
|
||||
const clientId = getStoredOidcClientId();
|
||||
const idTokenClaims = getStoredOidcIdTokenClaims();
|
||||
const redirectUri = PlatformPeg.get()!.getSSOCallbackUrl().href;
|
||||
const redirectUri = PlatformPeg.get()!.getOidcCallbackUrl().href;
|
||||
const deviceId = credentials.deviceId;
|
||||
if (!deviceId) {
|
||||
throw new Error("Expected deviceId in user credentials.");
|
||||
|
|
|
@ -169,7 +169,7 @@ export class OidcClientStore {
|
|||
...metadata,
|
||||
authority: metadata.issuer,
|
||||
signingKeys,
|
||||
redirect_uri: PlatformPeg.get()!.getSSOCallbackUrl().href,
|
||||
redirect_uri: PlatformPeg.get()!.getOidcCallbackUrl().href,
|
||||
client_id: clientId,
|
||||
});
|
||||
} catch (error) {
|
||||
|
|
|
@ -40,7 +40,7 @@ export const startOidcLogin = async (
|
|||
identityServerUrl?: string,
|
||||
isRegistration?: boolean,
|
||||
): Promise<void> => {
|
||||
const redirectUri = PlatformPeg.get()!.getSSOCallbackUrl().href;
|
||||
const redirectUri = PlatformPeg.get()!.getOidcCallbackUrl().href;
|
||||
|
||||
const nonce = randomString(10);
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@ describe("getOidcClientId()", () => {
|
|||
return baseUrl;
|
||||
},
|
||||
});
|
||||
Object.defineProperty(PlatformPeg.get(), "getSSOCallbackUrl", {
|
||||
Object.defineProperty(PlatformPeg.get(), "getOidcCallbackUrl", {
|
||||
value: () => ({
|
||||
href: baseUrl,
|
||||
}),
|
||||
|
|