verint.com/eo-services
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

auth now accepts cookie based OIDC token

Browse Source
This commit is contained in:
Peter Morton 2023-07-26 16:57:09 -05:00
parent f56fae304e
commit f0d4d29181
1 changed files with 56 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
src/api/routes/auth.js
View File

@ -3,28 +3,40 @@ import axios from "axios";
import { logger } from "../../utils/index.js"; import { logger } from "../../utils/index.js";
import { decode } from "jsonwebtoken"; import { decode } from "jsonwebtoken";
import jwt from "jsonwebtoken"; import jwt from "jsonwebtoken";
import base64url from "base64url";
import jwkToPem from "jwk-to-pem"; import jwkToPem from "jwk-to-pem";
import { sendHTTPError } from "../../utils/http.js"; import localStorage from "local-storage";
const router = Router(); const router = Router();
router.post("/", (req, res) => { router.all("/", (req, res, next) => {
logger.debug("Auth route called");
logger.debug("Headers:");
logger.debug(JSON.stringify(req.headers, null, 2));
logger.debug("Query:");
logger.debug(JSON.stringify(req.query, null, 2));
logger.debug("Body:");
logger.debug(JSON.stringify(req.body, null, 2));
var authHeader = req.headers.authorization;
const prefix = "OIDC_id_token ";
if (authHeader && authHeader.startsWith(prefix)) {
var token = authHeader.substring(prefix.length, authHeader.length);
// base64 should be URL encoded and padding should be removed. var token = null;
token = base64url.fromBase64(token.replace(/=/g, "")); var sessionIdentifier = null;
const cookiePrefix = "__Host-VRNTOTCT";
if (req.cookies) {
logger.debug(
`Checking ${cookiePrefix}... Cookie as this takes presidence over Authorization Header ...`
);
Object.keys(req.cookies).forEach((key) => {
if (key.startsWith(cookiePrefix)) {
logger.info(`Found ${key} cookie using value for token`);
token = req.cookies[key];
sessionIdentifier = key.substring(cookiePrefix.length);
}
});
}
if (!token && req.headers.authorization) {
logger.debug("Checking Authorization Header for OIDC_id_token ...");
var authHeader = req.headers.authorization;
const prefix = "OIDC_id_token ";
if (authHeader && authHeader.startsWith(prefix)) {
logger.info("Found OIDC_id_token in Authorization Header");
token = authHeader.substring(prefix.length, authHeader.length);
}
}
if (token) {
const decoded = decode(token); const decoded = decode(token);
logger.debug(`Decoded [${JSON.stringify(decoded, null, 2)}]`); logger.debug(`Decoded [${JSON.stringify(decoded, null, 2)}]`);
@ -53,22 +65,45 @@ router.post("/", (req, res) => {
algorithms: [key.alg], algorithms: [key.alg],
}); });
logger.debug(`Verified [${JSON.stringify(verified, null, 2)}]`); logger.debug(`Verified [${JSON.stringify(verified, null, 2)}]`);
const issSplit = verified.iss.split("/oidc-token-service/");
const authData = {
token: token,
host: issSplit[0],
tenant: issSplit[1],
};
logger.info(
`Adding ${
verified.sub
} to local-stoage for environment ${JSON.stringify(authData)}`
);
localStorage(verified.sub, authData);
if (sessionIdentifier && sessionIdentifier.length > 0) {
logger.info(
`Adding ${sessionIdentifier} to local-stoage for environment ${JSON.stringify(
authData
)}`
);
localStorage(sessionIdentifier, authData);
}
res.send(decoded); res.send(decoded);
} catch (err) { } catch (err) {
logger.error(`Verify failed [${JSON.stringify(err, null, 2)}].`); logger.error(`Verify failed [${JSON.stringify(err, null, 2)}].`);
sendHTTPError(err, res); next(err);
} }
} }
}) })
.catch((err) => { .catch((err) => {
logger.error(`JWK Request failed [${JSON.stringify(err, null, 2)}].`); logger.error(`JWK Request failed [${JSON.stringify(err, null, 2)}].`);
sendHTTPError(err, res); next(err);
}); });
} }
} else { } else {
sendHTTPError( next(new Error("Unable to authenticate, no token found"));
new Error("No OIDC_id_token found in Authentication header.")
);
} }
}); });