Merge pull request #848 from vector-im/fix/dynamic-oidc-registration

Fix/dynamic OIDC registration
Robert Long 2022-08-18 11:46:58 -07:00 committed by GitHub
commit 20f48f285f
5 changed files with 23 additions and 11 deletions


@ -63,6 +63,7 @@ export class CompleteOIDCLoginViewModel extends ViewModel {
const oidcApi = new OidcApi({ const oidcApi = new OidcApi({
issuer, issuer,
clientConfigs: this.platform.config.oidc.clientConfigs,
clientId, clientId,
request: this._request, request: this._request,
encoding: this._encoding, encoding: this._encoding,
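Review bot: The new `clientConfigs: this.platform.config.oidc.clientConfigs,` line throws a TypeError on any deployment whose config.json predates the `oidc` key, since this commit updates only one config file; the same unguarded read appears in StartOIDCLoginViewModel and at all four OidcApi constructions in Client. A guarded read such as `clientConfigs: this.platform.config.oidc?.clientConfigs ?? {},` preserves the existing dynamic-registration path for those deployments, because an empty map never matches an issuer in OidcApi and control falls through to registration as before. The enclosing `new OidcApi({...})` call starts and ends outside the hunk.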


@ -26,6 +26,7 @@ export class StartOIDCLoginViewModel extends ViewModel {
this._homeserver = options.loginOptions.homeserver; this._homeserver = options.loginOptions.homeserver;
this._api = new OidcApi({ this._api = new OidcApi({
issuer: this._issuer, issuer: this._issuer,
clientConfigs: this._platform.config.oidc.clientConfigs,
request: this.platform.request, request: this.platform.request,
encoding: this.platform.encoding, encoding: this.platform.encoding,
crypto: this.platform.crypto, crypto: this.platform.crypto,
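Review bot: The added line reads `this._platform.config` while the neighbouring arguments in the same call read `this.platform.request` and `this.platform.encoding`; if both names resolve to the same platform object this is harmless, but mixing them inside one literal invites a wrong-accessor bug later. Pick the accessor the rest of this constructor uses, e.g. `clientConfigs: this.platform.config.oidc.clientConfigs,`. The constructor body continues outside the hunk.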


@ -135,6 +135,7 @@ export class Client {
try { try {
const oidcApi = new OidcApi({ const oidcApi = new OidcApi({
issuer, issuer,
clientConfigs: this._platform.config.oidc.clientConfigs,
request: this._platform.request, request: this._platform.request,
encoding: this._platform.encoding, encoding: this._platform.encoding,
crypto: this._platform.crypto, crypto: this._platform.crypto,
@ -265,6 +266,7 @@ export class Client {
if (sessionInfo.oidcIssuer) { if (sessionInfo.oidcIssuer) {
const oidcApi = new OidcApi({ const oidcApi = new OidcApi({
issuer: sessionInfo.oidcIssuer, issuer: sessionInfo.oidcIssuer,
clientConfigs: this._platform.config.oidc.clientConfigs,
clientId: sessionInfo.oidcClientId, clientId: sessionInfo.oidcClientId,
request: this._platform.request, request: this._platform.request,
encoding: this._platform.encoding, encoding: this._platform.encoding,
@ -306,6 +308,9 @@ export class Client {
userId: sessionInfo.userId, userId: sessionInfo.userId,
homeserver: sessionInfo.homeServer, homeserver: sessionInfo.homeServer,
}; };
if (sessionInfo.accountManagementUrl) {
filteredSessionInfo.accountManagementUrl = sessionInfo.accountManagementUrl;
}
const olm = await this._olmPromise; const olm = await this._olmPromise;
let olmWorker = null; let olmWorker = null;
if (this._workerPromise) { if (this._workerPromise) {
@ -484,6 +489,7 @@ export class Client {
await hsApi.logout({log}).response(); await hsApi.logout({log}).response();
const oidcApi = new OidcApi({ const oidcApi = new OidcApi({
issuer: sessionInfo.oidcIssuer, issuer: sessionInfo.oidcIssuer,
clientConfigs: this._platform.config.oidc.clientConfigs,
clientId: sessionInfo.oidcClientId, clientId: sessionInfo.oidcClientId,
request: this._platform.request, request: this._platform.request,
encoding: this._platform.encoding, encoding: this._platform.encoding,
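Review bot: After this change Client builds an OidcApi with the same platform-derived argument list in four places (the hunks at -135, -265, -484 and the one shown here), differing only in `issuer` and whether `clientId` is passed; a private factory would remove the duplication and give the config read a single place to be guarded against a missing `oidc` section. The trailing arguments each call site passes after `encoding`/`crypto` are outside the hunks, so the sketch below leaves them as a placeholder.
```typescript
/** Builds an OidcApi bound to this client's platform; clientId is omitted for a fresh login. */
_createOidcApi(issuer: string, clientId?: string): OidcApi {
    return new OidcApi({
        issuer,
        clientId,
        clientConfigs: this._platform.config.oidc?.clientConfigs ?? {},
        request: this._platform.request,
        encoding: this._platform.encoding,
        crypto: this._platform.crypto,
        // … unchanged: remaining arguments as passed at each existing call site …
    });
}
```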


@ -58,17 +58,12 @@ type IssuerUri = string;
interface ClientConfig { interface ClientConfig {
client_id: string; client_id: string;
client_secret?: string; client_secret?: string;
uris: string[],
} }
// These are statically configured OIDC client IDs for particular issuers:
const clientIds: Record<IssuerUri, ClientConfig> = {
"https://id.thirdroom.io/realms/thirdroom/": {
client_id: "thirdroom"
},
};
export class OidcApi<N extends object = SegmentType> { export class OidcApi<N extends object = SegmentType> {
_issuer: string; _issuer: string;
_clientConfigs: Record<IssuerUri, ClientConfig>;
_requestFn: RequestFunction; _requestFn: RequestFunction;
_encoding: any; _encoding: any;
_crypto: any; _crypto: any;
@ -76,8 +71,9 @@ export class OidcApi<N extends object = SegmentType> {
_metadataPromise: Promise<any>; _metadataPromise: Promise<any>;
_registrationPromise: Promise<any>; _registrationPromise: Promise<any>;
constructor({ issuer, request, encoding, crypto, urlCreator, clientId }) { constructor({ issuer, request, encoding, crypto, urlCreator, clientId, clientConfigs }) {
this._issuer = issuer; this._issuer = issuer;
this._clientConfigs = clientConfigs;
this._requestFn = request; this._requestFn = request;
this._encoding = encoding; this._encoding = encoding;
this._crypto = crypto; this._crypto = crypto;
@ -121,8 +117,8 @@ export class OidcApi<N extends object = SegmentType> {
// use static client if available // use static client if available
const authority = `${this.issuer}${this.issuer.endsWith('/') ? '' : '/'}`; const authority = `${this.issuer}${this.issuer.endsWith('/') ? '' : '/'}`;
if (clientIds[authority]) { if (this._clientConfigs[authority] && this._clientConfigs[authority].uris.includes(this._urlCreator.absoluteAppUrl())) {
return clientIds[authority]; return this._clientConfigs[authority];
} }
const headers = new Map(); const headers = new Map();
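Review bot: The new `if` condition dereferences `.uris` on the looked-up entry without a guard, so a config.json entry that omits `uris` (the `ClientConfig` interface is not enforced on JSON at runtime) throws a TypeError instead of falling through to dynamic registration like an unknown issuer does. The comparison is also exact string equality with `absoluteAppUrl()`, meaning a trailing slash, port or scheme difference silently disables the static client rather than erroring, and the `// use static client if available` comment above no longer states the rule. Splitting the lookup out and documenting the allow-list semantics keeps the intent visible; the enclosing method starts and ends outside the hunk.
```typescript
// Reuse a pre-registered client_id only if this app's exact absolute URL is
// allow-listed for it; any mismatch or missing entry falls through to dynamic registration.
const staticConfig = this._clientConfigs[authority];
if (staticConfig?.uris?.includes(this._urlCreator.absoluteAppUrl())) {
    return staticConfig;
}
```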


@ -5,5 +5,13 @@
"applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM"
}, },
"defaultHomeServer": "matrix.org", "defaultHomeServer": "matrix.org",
"bugReportEndpointUrl": "https://element.io/bugreports/submit" "bugReportEndpointUrl": "https://element.io/bugreports/submit",
"oidc": {
"clientConfigs": {
"https://id.thirdroom.io/realms/thirdroom/": {
"client_id": "thirdroom",
"uris": ["http://localhost:3000", "https://thirdroom.io"]
}
}
}
} }
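Review bot: Each entry under `uris` is matched against the app's absolute URL by exact string equality (the `includes` check in OidcApi), so scheme, host, port and the absence of a trailing slash must match character for character, and a mismatch quietly falls back to dynamic registration; that is worth stating wherever the `oidc.clientConfigs` key is documented, as nothing in this commit describes it. If this config.json is the one shipped in production builds, the `http://localhost:3000` entry lets a local dev build reuse the `thirdroom` client_id, which is only appropriate if the provider's registration for that client already lists that redirect URI — not verifiable from here.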