mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-21 15:10:23 +00:00
oidc/oauth2: use an opaque state
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
parent
f22ec2275f
commit
4cb6acefb2
2 changed files with 11 additions and 5 deletions
|
|
@ -15,13 +15,13 @@
|
|||
package httpd
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/rs/xid"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/internal/kms"
|
||||
"github.com/drakkan/sftpgo/v2/internal/logger"
|
||||
|
|
@ -53,8 +53,10 @@ type oauth2PendingAuth struct {
|
|||
}
|
||||
|
||||
func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth {
|
||||
state := sha256.Sum256(util.GenerateRandomBytes(32))
|
||||
|
||||
return oauth2PendingAuth{
|
||||
State: xid.New().String(),
|
||||
State: hex.EncodeToString(state[:]),
|
||||
Provider: provider,
|
||||
ClientID: clientID,
|
||||
ClientSecret: clientSecret,
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ package httpd
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
|
@ -203,9 +204,12 @@ type oidcPendingAuth struct {
|
|||
}
|
||||
|
||||
func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth {
|
||||
state := sha256.Sum256(util.GenerateRandomBytes(32))
|
||||
nonce := util.GenerateUniqueID()
|
||||
|
||||
return oidcPendingAuth{
|
||||
State: xid.New().String(),
|
||||
Nonce: hex.EncodeToString(util.GenerateRandomBytes(20)),
|
||||
State: hex.EncodeToString(state[:]),
|
||||
Nonce: nonce,
|
||||
Audience: audience,
|
||||
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()),
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue