OpenServer/OpenAuth_server
1
1
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Working towards OpenID - Connect

Browse Source 
- Adding id_token support
- Adding bearer token header support for client api auth
This commit is contained in:
Fabian Stamm
2020-03-09 15:03:26 +01:00
parent 40b134ace7
commit 8edfaba134
8 changed files with 63 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/api/middlewares/client.ts
View File

@ -11,11 +11,11 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
try {
let client_id = req.query.client_id || req.body.client_id;
let client_secret = req.query.client_secret || req.body.client_secret;
if(!client_id && !client_secret && req.headers.authorization) {
if (!client_id && !client_secret && req.headers.authorization) {
let header = req.headers.authorization;
let [type, val] = header.split(" ");
if(val) {
if (val) {
let str = Buffer.from(val, "base64").toString("utf-8");
let [id, secret] = str.split(":");
client_id = id;
@ -53,10 +53,13 @@ export function GetClientApiAuthMiddleware(permissions?: string[]) {
return async (req: Request, res: Response, next: NextFunction) => {
try {
const invalid_err = new RequestError(req.__("You are not logged in or your login is expired"), HttpStatusCode.UNAUTHORIZED);
let token = req.query.access_token || req.headers.authorization;
let token: string = req.query.access_token || req.headers.authorization;
if (!token)
throw invalid_err;
if (token.toLowerCase().startsWith("bearer "))
token = token.substring(7);
let data: OAuthJWT;
try {
data = await validateJWT(token);