Comments (1)
Hi @vamsii777 , I went through the whole flow with breakpoints and I observed that the nonce parameter is correctly captured.
Therefore, I looked at the code again and – hopefully / maybe – I found the issue:
The Tokens are generated via the handleToken controller.
This controller calls the codeManager
guard let code = try await codeManager.getCode(codeString)
But the codeManager has no knowledge about the nonce parameter. When the code is generated the nonce parameter is not passed as parameter but in the tokenHandler the nonce parameter is taken from the code.
Token Manager:
guard let code = try await codeManager.getCode(codeString), ...
if isOpenIDConnectFlow {
let (access, refresh, idToken) = try await tokenManager.generateTokens(
clientID: clientID,
userID: code.userID,
scopes: scopes,
accessTokenExpiryTime: expiryTime,
idTokenExpiryTime: expiryTime,
nonce: code.nonce
)
But this is not possible because the CodeManager has no knowledge about nonce:
/// Generate Authorization Code
func generateCode(userID: String, clientID: String, redirectURI: String, scopes: [String]?, codeChallenge: String?, codeChallengeMethod: String?) throws -> String {
If this function is extended to have nonce as optional Parameter as well, then nonce can be stored when the Authorization code is generated and returned in exchange for the code.
I hope this is of some help. As I checked only the Authorization Grant Flow maybe this does not capture all situations.
If I fake it:
/// Generate Authorization Code
func generateCode(userID: String, clientID: String, redirectURI: String, scopes: [String]?, codeChallenge: String?, codeChallengeMethod: String?) throws -> String {
let generatedCode = UUID().uuidString
let expiryDate = Date().addingTimeInterval(60)
let authorizationCode = MyAuthorizationCode(
code_id: generatedCode,
client_id: clientID,
redirect_uri: redirectURI,
user_id: userID,
expiry_date: expiryDate,
scopes: scopes,
code_challenge: codeChallenge,
code_challenge_method: codeChallengeMethod,
nonce: "test" // FAKE IT FOR TESTING PURPOSES
)
_ = authorizationCode.save(on: app.db)
return generatedCode
}
I get the IDToken with nonce:
from vapor-oauth.
Related Issues (3)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vapor-oauth.