oidc/oauth2: use an opaque state

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2024-11-11 19:43:57 +01:00
parent f3a58b8ecc
commit d7d08c3d2f
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
2 changed files with 11 additions and 5 deletions

View file

@ -15,13 +15,13 @@
package httpd
import (
"crypto/sha256"
"encoding/hex"
"encoding/json"
"errors"
"sync"
"time"
"github.com/rs/xid"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/logger"
@ -53,8 +53,10 @@ type oauth2PendingAuth struct {
}
func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth {
state := sha256.Sum256(util.GenerateRandomBytes(32))
return oauth2PendingAuth{
State: xid.New().String(),
State: hex.EncodeToString(state[:]),
Provider: provider,
ClientID: clientID,
ClientSecret: clientSecret,

View file

@ -16,6 +16,7 @@ package httpd
import (
"context"
"crypto/sha256"
"encoding/hex"
"errors"
"fmt"
@ -202,9 +203,12 @@ type oidcPendingAuth struct {
}
func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth {
state := sha256.Sum256(util.GenerateRandomBytes(32))
nonce := util.GenerateUniqueID()
return oidcPendingAuth{
State: xid.New().String(),
Nonce: hex.EncodeToString(util.GenerateRandomBytes(20)),
State: hex.EncodeToString(state[:]),
Nonce: nonce,
Audience: audience,
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()),
}