@crossauth/sveltekit 1.1.6 → 1.1.7
|
@@ -1524,7 +1524,10 @@ export class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
1524
1524
|
// if we have an upstream client, this call will save the original /authorize call and redirect to
|
|
1525
1525
|
// the upstream auth server's /authorize endpoint
|
|
1526
1526
|
if ((upstream || this.server.oAuthAuthServer?.authServer.upstreamClient) && next && this.server.oAuthAuthServer) {
|
|
1527
|
-
await this.server.oAuthAuthServer.saveDownstreamAuthzCodeFlow(event, new URL(next, event.url), upstream);
|
|
1527
|
+
const resp = await this.server.oAuthAuthServer.saveDownstreamAuthzCodeFlow(event, new URL(next, event.url), upstream);
|
|
1528
|
+
if (resp?.error) {
|
|
1529
|
+
return json(resp ? resp : { error: "server_error", error_description: "Unknown error" }, { status: 500 });
|
|
1530
|
+
}
|
|
1528
1531
|
}
|
|
1529
1532
|
// the following call returns a constructed url for the
|
|
1530
1533
|
// auth server's /authorize endpoint
|
|
@@ -1592,7 +1595,10 @@ export class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
1592
1595
|
// if we have an upstream client, this call will save the original /authorize call and redirect to
|
|
1593
1596
|
// the upstream auth server's /authorize endpoint
|
|
1594
1597
|
if ((upstream || this.server.oAuthAuthServer?.authServer.upstreamClient) && next && this.server.oAuthAuthServer) {
|
|
1595
|
-
await this.server.oAuthAuthServer.saveDownstreamAuthzCodeFlow(event, new URL(next), upstream);
|
|
1598
|
+
const resp = await this.server.oAuthAuthServer.saveDownstreamAuthzCodeFlow(event, new URL(next), upstream);
|
|
1599
|
+
if (resp?.error) {
|
|
1600
|
+
return json(resp ? resp : { error: "server_error", error_description: "Unknown error" }, { status: 500 });
|
|
1601
|
+
}
|
|
1596
1602
|
}
|
|
1597
1603
|
// the following call returns a constructed url for the
|
|
1598
1604
|
// auth server's /authorize endpoint
|
|
@@ -1659,7 +1665,10 @@ export class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
1659
1665
|
// if we have an upstream client, this call will save the original /authorize call and redirect to
|
|
1660
1666
|
// the upstream auth server's /authorize endpoint
|
|
1661
1667
|
if ((upstream || this.server.oAuthAuthServer?.authServer.upstreamClient) && next && this.server.oAuthAuthServer) {
|
|
1662
|
-
await this.server.oAuthAuthServer.saveDownstreamAuthzCodeFlow(event, new URL(next), upstream);
|
|
1668
|
+
const resp = await this.server.oAuthAuthServer.saveDownstreamAuthzCodeFlow(event, new URL(next), upstream);
|
|
1669
|
+
if (resp?.error) {
|
|
1670
|
+
return json(resp ? resp : { error: "server_error", error_description: "Unknown error" }, { status: 500 });
|
|
1671
|
+
}
|
|
1663
1672
|
}
|
|
1664
1673
|
// the following call returns a constructed url for the
|
|
1665
1674
|
// auth server's /authorize endpoint
|
|
@@ -1727,7 +1736,10 @@ export class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
1727
1736
|
// if we have an upstream client, this call will save the original /authorize call and redirect to
|
|
1728
1737
|
// the upstream auth server's /authorize endpoint
|
|
1729
1738
|
if ((upstream || this.server.oAuthAuthServer?.authServer.upstreamClient) && next && this.server.oAuthAuthServer) {
|
|
1730
|
-
await this.server.oAuthAuthServer.saveDownstreamAuthzCodeFlow(event, new URL(next), upstream);
|
|
1739
|
+
const resp = await this.server.oAuthAuthServer.saveDownstreamAuthzCodeFlow(event, new URL(next), upstream);
|
|
1740
|
+
if (resp?.error) {
|
|
1741
|
+
return json(resp ? resp : { error: "server_error", error_description: "Unknown error" }, { status: 500 });
|
|
1742
|
+
}
|
|
1731
1743
|
}
|
|
1732
1744
|
// the following call returns a constructed url for the
|
|
1733
1745
|
// auth server's /authorize endpoint
|
|
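Review bot: The fallback in `json(resp ? resp : { error: "server_error", error_description: "Unknown error" }, { status: 500 })` can never be taken, because the line sits inside `if (resp?.error)` where `resp` is already truthy, and every failure is reported as HTTP 500 even though the authorization-server code in this release also appears to produce `invalid_request`. The same three added lines repeat in the hunks at new lines 1598, 1668 and 1739. Returning the whole `resp` object also hands the caller whatever fields `saveDownstreamAuthzCodeFlow` placed on it; I would send only the two OAuth fields and derive the status from the code, e.g. `return json({ error: resp.error, error_description: resp.error_description }, { status: resp.error === "server_error" ? 500 : 400 });`. Separately, only the first hunk resolves `next` against `event.url`; the other three call `new URL(next)`, which throws on a relative value before the new check is reached. The enclosing methods start and end outside these hunks.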
@@ -647,16 +647,16 @@ export class SvelteKitAuthorizationServer {
|
|
|
647
647
|
}
|
|
648
648
|
else {
|
|
649
649
|
// this may be legitimate, if the request is to log in with a local account
|
|
650
|
-
CrossauthLogger.logger.warn(j({ "msg": "
|
|
650
|
+
CrossauthLogger.logger.warn(j({ "msg": "upstreamClients defined but no upstream parameter given in authorize request" }));
|
|
651
651
|
}
|
|
652
652
|
}
|
|
653
653
|
if (upstreamClient && upstreamClientOptions) {
|
|
654
654
|
const state = Crypto.randomValue(32);
|
|
655
655
|
let resp = this.getAuthorizeQuery(url);
|
|
656
656
|
if (!resp.query)
|
|
657
|
-
return resp.error;
|
|
657
|
+
return resp.error ?? { error: "server_error", error_description: "Unknown error" };
|
|
658
658
|
let query = resp.query;
|
|
659
|
-
CrossauthLogger.logger.debug(j({ "msg": `Have upstream client
|
|
659
|
+
CrossauthLogger.logger.debug(j({ "msg": `Have upstream client. Downstream redirect_uri ${query.redirect_uri}` }));
|
|
660
660
|
if (query.response_type == "code") {
|
|
661
661
|
// validate client
|
|
662
662
|
let client;
|
|
@@ -674,6 +674,7 @@ export class SvelteKitAuthorizationServer {
|
|
|
674
674
|
// construct a url to call the /authorize endpoint on the upstream auth server
|
|
675
675
|
const resp = await upstreamClient.startAuthorizationCodeFlow(state, { scope: query.scope, codeChallenge: query.code_challenge, pkce: query.code_challenge != undefined });
|
|
676
676
|
if (resp.error) {
|
|
677
|
+
CrossauthLogger.logger.error(j({ msg: "Failed starting upstream authorization code flow: " + (resp.error_description ?? "") }));
|
|
677
678
|
return {
|
|
678
679
|
ok: false,
|
|
679
680
|
error: resp.error,
|
|
@@ -684,6 +685,7 @@ export class SvelteKitAuthorizationServer {
|
|
|
684
685
|
// create an authorization code
|
|
685
686
|
const codeResp = await this.authServer.getAuthorizationCode(client, query.redirect_uri, scopes, state, query.code_challenge, query.code_challenge_method);
|
|
686
687
|
if (!codeResp.code) {
|
|
688
|
+
CrossauthLogger.logger.error(j({ msg: "Error creating authorization code: " + (codeResp.error_description ?? "") }));
|
|
687
689
|
return {
|
|
688
690
|
ok: false,
|
|
689
691
|
error: "server_error",
|
|
@@ -702,12 +704,14 @@ export class SvelteKitAuthorizationServer {
|
|
|
702
704
|
next: query.next,
|
|
703
705
|
};
|
|
704
706
|
if (!upstreamClientOptions.options.redirect_uri) {
|
|
707
|
+
CrossauthLogger.logger.error("No redirect URI given for upstream client");
|
|
705
708
|
return {
|
|
706
709
|
ok: false,
|
|
707
710
|
error: "server_error",
|
|
708
711
|
error_description: "redirect uri not given for upstream client",
|
|
709
712
|
};
|
|
710
713
|
}
|
|
714
|
+
CrossauthLogger.logger.debug(j({ msg: "Saving data for call to upstream client" }));
|
|
711
715
|
const sessionDataName = upstreamClientOptions.sessionDataName ?? DEFAULT_UPSTREAM_SESSION_DATA_NAME;
|
|
712
716
|
await this.storeSessionData(event, sessionData, sessionDataName);
|
|
713
717
|
let url = resp.url;
|
|
@@ -718,6 +722,7 @@ export class SvelteKitAuthorizationServer {
|
|
|
718
722
|
}
|
|
719
723
|
}
|
|
720
724
|
else {
|
|
725
|
+
CrossauthLogger.logger.error("Invalid call to authorize endpoint. Not called with response_type of code");
|
|
721
726
|
return {
|
|
722
727
|
ok: false,
|
|
723
728
|
error: "invalid_request",
|
|
@@ -773,7 +778,7 @@ export class SvelteKitAuthorizationServer {
|
|
|
773
778
|
if (!resp.query)
|
|
774
779
|
return resp.error;
|
|
775
780
|
let query = resp.query;
|
|
776
|
-
CrossauthLogger.logger.debug(j({ "msg": `Have upstream client
|
|
781
|
+
CrossauthLogger.logger.debug(j({ "msg": `Have upstream client. Downstream redirect_uri ${query.redirect_uri}` }));
|
|
777
782
|
if (query.response_type == "code") {
|
|
778
783
|
// validate client
|
|
779
784
|
let client;
|
|
@@ -1243,7 +1248,7 @@ export class SvelteKitAuthorizationServer {
|
|
|
1243
1248
|
const sessionDataName = upstreamClientOptions.sessionDataName ?? DEFAULT_UPSTREAM_SESSION_DATA_NAME;
|
|
1244
1249
|
oauthData = await this.svelteKitServer.sessionAdapter?.getSessionData(event, sessionDataName) ?? {};
|
|
1245
1250
|
if (this.authServer.upstreamClients && (!("upstream_label" in oauthData) || !(oauthData.upstream_label in this.authServer.upstreamClients))) {
|
|
1246
|
-
return this.redirectError(oauthData.orig_redirect_uri, "server_error", "Invalid upstream client found in
|
|
1251
|
+
return this.redirectError(oauthData.orig_redirect_uri, "server_error", "Invalid upstream client found in session");
|
|
1247
1252
|
}
|
|
1248
1253
|
if (this.authServer.upstreamClients) {
|
|
1249
1254
|
upstreamClient = this.authServer.upstreamClients[oauthData.upstream_label];
|
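Review bot: The `?? { error: "server_error", error_description: "Unknown error" }` fallback was added to `return resp.error` at new line 657 but not to the identical `if (!resp.query) return resp.error;` left as context at new lines 778–779, so that path can still return `undefined`. If that method's callers test `resp?.error` the way the client code in this release does, an undefined return would read as success and the flow would continue without a parsed authorize query; this depends on code outside the hunks, so confirm. I would apply the same fallback there: `return resp.error ?? { error: "server_error", error_description: "Unknown error" };`. As a matter of style, the two new `logger.error("...")` calls at new lines 707 and 725 pass a bare string while every other log call in these hunks wraps its message in `j({ msg: ... })`; wrapping them keeps the log output uniformly structured. The new debug line also writes the request's `redirect_uri` to the log ahead of the `// validate client` step, so it is worth keeping at debug level only.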
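--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@crossauth/sveltekit",
-"version": "1.1.
+"version": "1.1.7",
 "license": "Apache-2.0",
 "description": "Sveltekit adapter for Crossauth authentication package",
 "private": false,
@@ -54,8 +54,8 @@
 "minimatch": "^10.0.1",
 "publint": "0.3.15",
 "qrcode": "^1.5.4",
-"@crossauth/backend": "^1.1.
-"@crossauth/common": "^1.1.
+"@crossauth/backend": "^1.1.7",
+"@crossauth/common": "^1.1.7"
 },
 "scripts": {
 "preparex": "svelte-kit sync",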