oidc/oauth2: use an opaque state
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
f22ec2275f
commit
4cb6acefb2
2 changed files with 11 additions and 5 deletions
|
@ -15,13 +15,13 @@
|
||||||
package httpd
|
package httpd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/sha256"
|
||||||
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/rs/xid"
|
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
|
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
|
||||||
"github.com/drakkan/sftpgo/v2/internal/kms"
|
"github.com/drakkan/sftpgo/v2/internal/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/internal/logger"
|
"github.com/drakkan/sftpgo/v2/internal/logger"
|
||||||
|
@ -53,8 +53,10 @@ type oauth2PendingAuth struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth {
|
func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth {
|
||||||
|
state := sha256.Sum256(util.GenerateRandomBytes(32))
|
||||||
|
|
||||||
return oauth2PendingAuth{
|
return oauth2PendingAuth{
|
||||||
State: xid.New().String(),
|
State: hex.EncodeToString(state[:]),
|
||||||
Provider: provider,
|
Provider: provider,
|
||||||
ClientID: clientID,
|
ClientID: clientID,
|
||||||
ClientSecret: clientSecret,
|
ClientSecret: clientSecret,
|
||||||
|
|
|
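Review bot: The SHA-256 step in the added `state := sha256.Sum256(util.GenerateRandomBytes(32))` line adds no unpredictability over the 32 random bytes it hashes, and it is also what forces the two new imports in the first hunk; `State: hex.EncodeToString(util.GenerateRandomBytes(32))` yields the same 64-character opaque value with no hashing and no `crypto/sha256` import. If the hash is deliberate (for example to avoid exposing raw CSPRNG output in the redirect URL), a short comment on the `state :=` line saying so would keep the next reader from simplifying it away. Whether `util.GenerateRandomBytes` can return fewer than 32 bytes or panics on an entropy failure is not visible here, so the caller's error handling is worth confirming. The same construction appears in the oidc file's `newOIDCPendingAuth` hunk. The body of `newOAuth2PendingAuth` continues past the end of the hunk.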
@ -16,6 +16,7 @@ package httpd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/sha256"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
@ -203,9 +204,12 @@ type oidcPendingAuth struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth {
|
func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth {
|
||||||
|
state := sha256.Sum256(util.GenerateRandomBytes(32))
|
||||||
|
nonce := util.GenerateUniqueID()
|
||||||
|
|
||||||
return oidcPendingAuth{
|
return oidcPendingAuth{
|
||||||
State: xid.New().String(),
|
State: hex.EncodeToString(state[:]),
|
||||||
Nonce: hex.EncodeToString(util.GenerateRandomBytes(20)),
|
Nonce: nonce,
|
||||||
Audience: audience,
|
Audience: audience,
|
||||||
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()),
|
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()),
|
||||||
}
|
}
|
||||||
|
|
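Review bot: The new `nonce := util.GenerateUniqueID()` line replaces a 160-bit CSPRNG-derived nonce with a helper whose construction is not shown in this hunk; the OIDC nonce only binds the ID token to this session if it is unpredictable, so a unique-but-guessable ID (timestamp, machine ID and counter style) would weaken that check. If `GenerateUniqueID` is not backed by a cryptographic RNG with at least the previous entropy, keep the nonce random, e.g. `nonce := hex.EncodeToString(util.GenerateRandomBytes(20))`, and state the entropy requirement in a one-line comment either way. The `crypto/sha256` import added in the first hunk of this file exists only to hash already-random bytes, as noted on the oauth2 file. The body of `newOIDCPendingAuth` closes within the hunk, but its `oidcPendingAuth` struct definition starts outside it.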