mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-04 21:04:37 +08:00
add alternative issuer to github oauth
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (24) (push) Has been cancelled
Mirror main branch to main-mirror-for-wdb / lint_and_build (push) Has been cancelled
Publish npm packages / publish (push) Has been cancelled
Dev Environment Test With Custom Base Port / restart-dev-and-test-with-custom-base-port (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests with custom base port / setup-tests-with-custom-base-port (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
Publish Swift SDK to prerelease repo / publish (push) Has been cancelled
Sync Main to Dev / sync-commits (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (24) (push) Has been cancelled
Mirror main branch to main-mirror-for-wdb / lint_and_build (push) Has been cancelled
Publish npm packages / publish (push) Has been cancelled
Dev Environment Test With Custom Base Port / restart-dev-and-test-with-custom-base-port (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests with custom base port / setup-tests-with-custom-base-port (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
Publish Swift SDK to prerelease repo / publish (push) Has been cancelled
Sync Main to Dev / sync-commits (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
This commit is contained in:
Bilal Godil
parent
27cd8bf56b
commit
030196133a
@ -47,6 +47,7 @@ export abstract class OAuthBaseProvider {
|
||||
public readonly defaultAccessTokenExpiresInMillis?: number,
|
||||
public readonly noPKCE?: boolean,
|
||||
public readonly openid?: boolean,
|
||||
public readonly alternativeIssuers?: string[],
|
||||
) {}
|
||||
|
||||
protected static async createConstructorArgs(options:
|
||||
@ -59,6 +60,7 @@ export abstract class OAuthBaseProvider {
|
||||
defaultAccessTokenExpiresInMillis?: number,
|
||||
tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic",
|
||||
noPKCE?: boolean,
|
||||
alternativeIssuers?: string[],
|
||||
}
|
||||
& (
|
||||
| ({
|
||||
@ -106,6 +108,7 @@ export abstract class OAuthBaseProvider {
|
||||
options.defaultAccessTokenExpiresInMillis,
|
||||
options.noPKCE,
|
||||
options.openid,
|
||||
options.alternativeIssuers,
|
||||
] as const;
|
||||
}
|
||||
|
||||
@ -134,9 +137,22 @@ export abstract class OAuthBaseProvider {
|
||||
state: string,
|
||||
}): Promise<{ userInfo: OAuthUserInfo, tokenSet: TokenSet }> {
|
||||
let tokenSet;
|
||||
const callbackParams = { ...options.callbackParams };
|
||||
|
||||
// If the authorization server returns an `iss` parameter (RFC 9207) that matches
|
||||
// one of the known alternative issuers, rewrite it to the configured issuer so
|
||||
// openid-client's validation accepts it.
|
||||
if (
|
||||
this.alternativeIssuers
|
||||
&& typeof callbackParams.iss === "string"
|
||||
&& this.alternativeIssuers.includes(callbackParams.iss)
|
||||
) {
|
||||
callbackParams.iss = this.oauthClient.issuer.metadata.issuer;
|
||||
}
|
||||
|
||||
const params = [
|
||||
this.redirectUri,
|
||||
options.callbackParams,
|
||||
callbackParams,
|
||||
{
|
||||
code_verifier: this.noPKCE ? undefined : options.codeVerifier,
|
||||
state: options.state,
|
||||
|
||||
@ -17,6 +17,7 @@ export class GithubProvider extends OAuthBaseProvider {
|
||||
}) {
|
||||
return new GithubProvider(...await OAuthBaseProvider.createConstructorArgs({
|
||||
issuer: "https://github.com",
|
||||
alternativeIssuers: ["https://github.com/login/oauth"],
|
||||
authorizationEndpoint: "https://github.com/login/oauth/authorize",
|
||||
tokenEndpoint: "https://github.com/login/oauth/access_token",
|
||||
userinfoEndpoint: "https://api.github.com/user",
|
||||
|
||||
Loading…
Reference in New Issue
Block a user