auth now accepts cookie based OIDC token
This commit is contained in:
parent
f56fae304e
commit
f0d4d29181
@ -3,28 +3,40 @@ import axios from "axios";
|
||||
import { logger } from "../../utils/index.js";
|
||||
import { decode } from "jsonwebtoken";
|
||||
import jwt from "jsonwebtoken";
|
||||
import base64url from "base64url";
|
||||
import jwkToPem from "jwk-to-pem";
|
||||
import { sendHTTPError } from "../../utils/http.js";
|
||||
import localStorage from "local-storage";
|
||||
|
||||
const router = Router();
|
||||
|
||||
router.post("/", (req, res) => {
|
||||
logger.debug("Auth route called");
|
||||
logger.debug("Headers:");
|
||||
logger.debug(JSON.stringify(req.headers, null, 2));
|
||||
logger.debug("Query:");
|
||||
logger.debug(JSON.stringify(req.query, null, 2));
|
||||
logger.debug("Body:");
|
||||
logger.debug(JSON.stringify(req.body, null, 2));
|
||||
var authHeader = req.headers.authorization;
|
||||
const prefix = "OIDC_id_token ";
|
||||
if (authHeader && authHeader.startsWith(prefix)) {
|
||||
var token = authHeader.substring(prefix.length, authHeader.length);
|
||||
router.all("/", (req, res, next) => {
|
||||
|
||||
// base64 should be URL encoded and padding should be removed.
|
||||
token = base64url.fromBase64(token.replace(/=/g, ""));
|
||||
var token = null;
|
||||
var sessionIdentifier = null;
|
||||
const cookiePrefix = "__Host-VRNTOTCT";
|
||||
|
||||
if (req.cookies) {
|
||||
logger.debug(
|
||||
`Checking ${cookiePrefix}... Cookie as this takes presidence over Authorization Header ...`
|
||||
);
|
||||
Object.keys(req.cookies).forEach((key) => {
|
||||
if (key.startsWith(cookiePrefix)) {
|
||||
logger.info(`Found ${key} cookie using value for token`);
|
||||
token = req.cookies[key];
|
||||
sessionIdentifier = key.substring(cookiePrefix.length);
|
||||
}
|
||||
});
|
||||
}
|
||||
if (!token && req.headers.authorization) {
|
||||
logger.debug("Checking Authorization Header for OIDC_id_token ...");
|
||||
var authHeader = req.headers.authorization;
|
||||
const prefix = "OIDC_id_token ";
|
||||
if (authHeader && authHeader.startsWith(prefix)) {
|
||||
logger.info("Found OIDC_id_token in Authorization Header");
|
||||
token = authHeader.substring(prefix.length, authHeader.length);
|
||||
}
|
||||
}
|
||||
|
||||
if (token) {
|
||||
const decoded = decode(token);
|
||||
logger.debug(`Decoded [${JSON.stringify(decoded, null, 2)}]`);
|
||||
|
||||
@ -53,22 +65,45 @@ router.post("/", (req, res) => {
|
||||
algorithms: [key.alg],
|
||||
});
|
||||
logger.debug(`Verified [${JSON.stringify(verified, null, 2)}]`);
|
||||
|
||||
const issSplit = verified.iss.split("/oidc-token-service/");
|
||||
|
||||
const authData = {
|
||||
token: token,
|
||||
host: issSplit[0],
|
||||
tenant: issSplit[1],
|
||||
};
|
||||
|
||||
logger.info(
|
||||
`Adding ${
|
||||
verified.sub
|
||||
} to local-stoage for environment ${JSON.stringify(authData)}`
|
||||
);
|
||||
localStorage(verified.sub, authData);
|
||||
|
||||
if (sessionIdentifier && sessionIdentifier.length > 0) {
|
||||
logger.info(
|
||||
`Adding ${sessionIdentifier} to local-stoage for environment ${JSON.stringify(
|
||||
authData
|
||||
)}`
|
||||
);
|
||||
localStorage(sessionIdentifier, authData);
|
||||
}
|
||||
|
||||
res.send(decoded);
|
||||
} catch (err) {
|
||||
logger.error(`Verify failed [${JSON.stringify(err, null, 2)}].`);
|
||||
sendHTTPError(err, res);
|
||||
next(err);
|
||||
}
|
||||
}
|
||||
})
|
||||
.catch((err) => {
|
||||
logger.error(`JWK Request failed [${JSON.stringify(err, null, 2)}].`);
|
||||
sendHTTPError(err, res);
|
||||
next(err);
|
||||
});
|
||||
}
|
||||
} else {
|
||||
sendHTTPError(
|
||||
new Error("No OIDC_id_token found in Authentication header.")
|
||||
);
|
||||
next(new Error("Unable to authenticate, no token found"));
|
||||
}
|
||||
});
|
||||
|
||||
|
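Review bot: `sessionIdentifier` is taken straight from the suffix of the cookie name (`key.substring(cookiePrefix.length)`), which the client chooses, and is then used unfiltered as the cache key in `localStorage(sessionIdentifier, authData)`; any caller holding a valid token can pick an arbitrary identifier and overwrite the entry cached for a different session. Restrict it to a strict shape and bind it to the verified subject before storing, e.g. `const sessionKey = /^[A-Za-z0-9_-]{1,64}$/.test(sessionIdentifier) ? `${verified.sub}:${sessionIdentifier}` : null;` and store only when `sessionKey` is non-null. The `forEach` over `req.cookies` also keeps the last cookie whose name starts with the prefix, so with several such cookies the token and identifier can come from an unexpected one; stop at the first match or reject duplicates. In the final `else` branch `sendHTTPError(new Error(...))` is called without `res`, unlike the other `sendHTTPError(err, res)` calls, and in the `catch` blocks `next(err)` follows a call that has already written a response, which may trigger a second send; the `+`/`-` sides are not recoverable on this rendered page, so some of these lines may predate the commit. The `router.all` handler begins in the first hunk, outside this one.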
||||