OIDC: update to oidc-client-ts functions from js-sdk (#11193)

* test util for oidcclientconfigs

* rename type and lint

* correct oidc test util

* store issuer and clientId pre auth navigation

* update for js-sdk userstate, tidy
Kerry 2023-07-10 12:57:16 +12:00 committed by GitHub
parent 1a75d5d869
commit 01bd80fe59
5 changed files with 91 additions and 78 deletions


@ -15,14 +15,14 @@ limitations under the License.
*/
import React, { ReactNode } from "react";
import { AutoDiscovery, ClientConfig } from "matrix-js-sdk/src/autodiscovery";
import { AutoDiscovery, ClientConfig, OidcClientConfig } from "matrix-js-sdk/src/autodiscovery";
import { M_AUTHENTICATION } from "matrix-js-sdk/src/client";
import { logger } from "matrix-js-sdk/src/logger";
import { IClientWellKnown } from "matrix-js-sdk/src/matrix";
import { _t, UserFriendlyError } from "../languageHandler";
import SdkConfig from "../SdkConfig";
import { ValidatedDelegatedAuthConfig, ValidatedServerConfig } from "./ValidatedServerConfig";
import { ValidatedServerConfig } from "./ValidatedServerConfig";
const LIVELINESS_DISCOVERY_ERRORS: string[] = [
AutoDiscovery.ERROR_INVALID_HOMESERVER,
@ -259,25 +259,25 @@ export default class AutoDiscoveryUtils {
throw new UserFriendlyError("Unexpected error resolving homeserver configuration");
}
let delegatedAuthentication:
| {
authorizationEndpoint: string;
registrationEndpoint?: string;
tokenEndpoint: string;
account?: string;
issuer: string;
}
| undefined;
let delegatedAuthentication: OidcClientConfig | undefined;
if (discoveryResult[M_AUTHENTICATION.stable!]?.state === AutoDiscovery.SUCCESS) {
const { authorizationEndpoint, registrationEndpoint, tokenEndpoint, account, issuer } = discoveryResult[
M_AUTHENTICATION.stable!
] as ValidatedDelegatedAuthConfig;
const {
authorizationEndpoint,
registrationEndpoint,
tokenEndpoint,
account,
issuer,
metadata,
signingKeys,
} = discoveryResult[M_AUTHENTICATION.stable!] as OidcClientConfig;
delegatedAuthentication = Object.freeze({
authorizationEndpoint,
registrationEndpoint,
tokenEndpoint,
account,
issuer,
metadata,
signingKeys,
});
}
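Review bot: `Object.freeze` on the rebuilt object is shallow, so the `metadata` and `signingKeys` members it now carries stay mutable even though the outer config reads as immutable; since this value becomes the `delegatedAuthentication` field of the server config that is passed around later, a reader will assume more protection than is present. Either freeze those nested values as well or state the limit next to the call, e.g. `// shallow freeze: metadata and signingKeys are not frozen`. The destructure-then-rebuild also silently drops any other keys present on the discovery result (such as `state`); a one-line comment saying that the field list is deliberate would help. The enclosing method of AutoDiscoveryUtils starts and ends outside this hunk.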


@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
import { OidcClientConfig } from "matrix-js-sdk/src/autodiscovery";
import { IDelegatedAuthConfig } from "matrix-js-sdk/src/client";
import { ValidatedIssuerConfig } from "matrix-js-sdk/src/oidc/validate";
@ -38,5 +39,5 @@ export interface ValidatedServerConfig {
* From homeserver .well-known m.authentication, and issuer's .well-known/openid-configuration
* Used for OIDC native flow authentication
*/
delegatedAuthentication?: ValidatedDelegatedAuthConfig;
delegatedAuthentication?: OidcClientConfig;
}


@ -14,34 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
import {
AuthorizationParams,
generateAuthorizationParams,
generateAuthorizationUrl,
} from "matrix-js-sdk/src/oidc/authorize";
import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
/**
* Store authorization params for retrieval when returning from OIDC OP
* @param authorizationParams from `generateAuthorizationParams`
* @param delegatedAuthConfig used for future interactions with OP
* @param clientId this client's id as registered with configured issuer
* @param homeserver target homeserver
*/
const storeAuthorizationParams = (
{ redirectUri, state, nonce, codeVerifier }: AuthorizationParams,
{ issuer }: ValidatedDelegatedAuthConfig,
clientId: string,
homeserver: string,
): void => {
window.sessionStorage.setItem(`oidc_${state}_nonce`, nonce);
window.sessionStorage.setItem(`oidc_${state}_redirectUri`, redirectUri);
window.sessionStorage.setItem(`oidc_${state}_codeVerifier`, codeVerifier);
window.sessionStorage.setItem(`oidc_${state}_clientId`, clientId);
window.sessionStorage.setItem(`oidc_${state}_issuer`, issuer);
window.sessionStorage.setItem(`oidc_${state}_homeserver`, homeserver);
};
import { OidcClientConfig } from "matrix-js-sdk/src/autodiscovery";
import { generateOidcAuthorizationUrl } from "matrix-js-sdk/src/oidc/authorize";
import { randomString } from "matrix-js-sdk/src/randomstring";
/**
* Start OIDC authorization code flow
@ -49,25 +24,28 @@ const storeAuthorizationParams = (
* Navigates to configured authorization endpoint
* @param delegatedAuthConfig from discovery
* @param clientId this client's id as registered with configured issuer
* @param homeserver target homeserver
* @param homeserverUrl target homeserver
* @param identityServerUrl OPTIONAL target identity server
* @returns Promise that resolves after we have navigated to auth endpoint
*/
export const startOidcLogin = async (
delegatedAuthConfig: ValidatedDelegatedAuthConfig,
delegatedAuthConfig: OidcClientConfig,
clientId: string,
homeserver: string,
homeserverUrl: string,
identityServerUrl?: string,
): Promise<void> => {
// TODO(kerrya) afterloginfragment https://github.com/vector-im/element-web/issues/25656
const redirectUri = window.location.origin;
const authParams = generateAuthorizationParams({ redirectUri });
storeAuthorizationParams(authParams, delegatedAuthConfig, clientId, homeserver);
const nonce = randomString(10);
const authorizationUrl = await generateAuthorizationUrl(
delegatedAuthConfig.authorizationEndpoint,
const authorizationUrl = await generateOidcAuthorizationUrl({
metadata: delegatedAuthConfig.metadata,
redirectUri,
clientId,
authParams,
);
homeserverUrl,
identityServerUrl,
nonce,
});
window.location.href = authorizationUrl;
};
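Review bot: The `nonce` built with `randomString(10)` is a security-relevant value — it binds the ID token to this login attempt and protects against replay — but neither its required unpredictability nor the source of randomness is documented, and nothing on this page shows whether `randomString` draws from a cryptographically secure generator or what alphabet it uses. Please confirm that against the js-sdk implementation and record it here, e.g. `// nonce: must be unguessable (OIDC replay protection); relies on randomString being CSPRNG-backed`, and consider a longer value if the alphabet is small. The old `storeAuthorizationParams` helper persisted `codeVerifier`, `clientId`, `issuer` and `homeserver` in sessionStorage for the return leg; that responsibility presumably now lives inside `generateOidcAuthorizationUrl`, and the JSDoc on `startOidcLogin` should say so rather than leave a reader to infer where the callback state is kept.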