Verified Commit ab05af1e authored by Thomas SAUVAGE's avatar Thomas SAUVAGE

A working solution

parent cf7122c9
Pipeline #13831 failed
import Env from '@ioc:Adonis/Core/Env' import Env from '@ioc:Adonis/Core/Env'
import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext' import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { SigmaUser } from 'App/Utils/types'
import { ClientMetadata, Issuer, generators } from 'openid-client' import { ClientMetadata, Issuer, generators } from 'openid-client'
const AUTH_URL = 'https://auth.binets.fr' const AUTH_URL = 'https://auth.binets.fr'
...@@ -13,41 +14,58 @@ const clientOptions: ClientMetadata = { ...@@ -13,41 +14,58 @@ const clientOptions: ClientMetadata = {
response_types: ['code'], response_types: ['code'],
} }
// ! Safe ? Works ? Risk of building up if people don't log in
let verifiers: { [state: string]: string } = {}
/** Login a user using `auth.binets.fr` which uses OpenId auth */ /** Login a user using `auth.binets.fr` which uses OpenId auth */
export const loginSigmaUser = async ({ response }: HttpContextContract) => { export const loginSigmaUser = async ({ response }: HttpContextContract) => {
const issuer = await Issuer.discover(AUTH_URL) const issuer = await Issuer.discover(AUTH_URL)
const client = new issuer.Client(clientOptions) const client = new issuer.Client(clientOptions)
console.log(issuer.metadata) const codeVerifier = generators.codeVerifier()
const state = generators.state()
verifiers[state] = codeVerifier
const codeVerifier = '9ILex8ru5ZRZhedT-X2-ftF_Qm7mTP8WMFxiLLNPXYs' //generators.codeVerifier()
const codeChallenge = generators.codeChallenge(codeVerifier) const codeChallenge = generators.codeChallenge(codeVerifier)
const url = client.authorizationUrl({ const url = client.authorizationUrl({
scope: 'openid email profile groups', scope: 'openid email profile groups',
code_challenge: codeChallenge, code_challenge: codeChallenge,
code_challenge_method: 'S256', code_challenge_method: 'S256',
state: 'tartiflettePomme123', state,
}) })
return response.ok(url) return response.ok(url)
} }
/** Callback for `auth.binets.fr` */ /** Callback for `auth.binets.fr` */
export const callbackSigmaUser = async ({ request, auth }: HttpContextContract) => { export const callbackSigmaUser = async ({ response, request, auth }: HttpContextContract) => {
const issuer = await Issuer.discover(AUTH_URL) const issuer = await Issuer.discover(AUTH_URL)
const client = new issuer.Client(clientOptions) const client = new issuer.Client(clientOptions)
const codeVerifier = '9ILex8ru5ZRZhedT-X2-ftF_Qm7mTP8WMFxiLLNPXYs' //generators.codeVerifier()
const params = client.callbackParams(request.request) const params = client.callbackParams(request.request)
if (!params.state) throw new Error("The response from the auth server doesn't have the state")
const codeVerifier = verifiers[params.state]
const tokenSet = await client.callback(CALLBACK_URL, params, { const tokenSet = await client.callback(CALLBACK_URL, params, {
code_verifier: codeVerifier, code_verifier: codeVerifier,
state: 'tartiflettePomme123', state: params.state,
}) })
console.log(tokenSet.claims()) delete verifiers[params.state]
const userExtended = tokenSet.claims()
const user: SigmaUser = {
username: userExtended.preferred_username, // Unique ?
name: userExtended.name,
groups: userExtended.groups,
} as SigmaUser
// console.log(tokenSet.claims())
// const user = ... // const user = ...
const token = await auth.use('api').login(user) // const token = await auth.use('api').login(user)
return token // return token
return response.ok(tokenSet.claims())
} }
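Review bot: In `callbackSigmaUser`, `state: params.state` makes `client.callback` compare the returned state with itself, so an unknown or replayed state is never rejected by this code, and the call proceeds with whatever `verifiers[params.state]` yields (possibly `undefined`, or an inherited property such as `constructor`, since `verifiers` is a plain object). The lookup should fail closed when no pending entry exists, and the store should be a `Map` with an expiry that is swept on each login, which also answers the growth concern in the comment above `verifiers`. Separately, the pending entry is not bound to the browser that started the login, so the state gives no login-CSRF protection and the map will not work across several server processes; a server-side session or signed cookie would cover both. The callback also returns the raw `tokenSet.claims()` and casts them with `as SigmaUser` without checking that `preferred_username` and `groups` are present, which is worth validating before the commented-out `auth.use('api').login(user)` is restored.

```typescript
// Pending logins keyed by state; entries expire so abandoned logins are dropped.
const PENDING_TTL_MS = 10 * 60 * 1000
const verifiers = new Map<string, { codeVerifier: string; expiresAt: number }>()

// … unchanged: loginSigmaUser discovery, client setup, codeVerifier/state generation …
  const now = Date.now()
  for (const [key, entry] of verifiers) {
    if (entry.expiresAt < now) verifiers.delete(key)
  }
  verifiers.set(state, { codeVerifier, expiresAt: now + PENDING_TTL_MS })

// … unchanged: callbackSigmaUser discovery, client setup, callbackParams …
  const pending = params.state ? verifiers.get(params.state) : undefined
  if (params.state) verifiers.delete(params.state) // single use, even when the exchange fails
  if (!pending || pending.expiresAt < Date.now()) {
    return response.badRequest('Unknown or expired login state')
  }
  const tokenSet = await client.callback(CALLBACK_URL, params, {
    code_verifier: pending.codeVerifier,
    state: params.state,
  })
```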