strapi-plugin-oidc 1.5.2 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/index.js +33 -7
- package/dist/server/index.mjs +33 -7
- package/package.json +1 -1
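--- a/package/dist/server/index.js
+++ b/package/dist/server/index.js
@@ -222,6 +222,7 @@ function clearAuthCookies(strapi2, ctx) {
 const options2 = getExpiredCookieOptions(strapi2, ctx);
 ctx.cookies.set("strapi_admin_refresh", "", options2);
 ctx.cookies.set("oidc_authenticated", "", { ...options2, path: "/" });
+ctx.cookies.set("oidc_access_token", "", { ...options2, path: "/" });
 }
 const REQUIRED_CONFIG_KEYS = [
 "OIDC_CLIENT_ID",
@@ -303,7 +304,8 @@ async function exchangeTokenAndFetchUserInfo(config2, params, expectedNonce) {
 if (!userResponse.ok) {
 throw new Error("Failed to fetch user info");
 }
-
+const userInfo = await userResponse.json();
+return { userInfo, accessToken: tokenData.access_token };
 }
 async function registerNewUser(userService, oauthService2, roleService2, email, userResponseData, whitelistUser, config2, ctx) {
 let roles2 = [];
@@ -369,13 +371,25 @@ async function oidcSignInCallback(ctx) {
 params.append("grant_type", config2.OIDC_GRANT_TYPE);
 params.append("code_verifier", codeVerifier ?? "");
 try {
-const
+const { userInfo, accessToken } = await exchangeTokenAndFetchUserInfo(
+config2,
+params,
+oidcNonce ?? ""
+);
+const isProduction = strapi.config.get("environment") === "production";
+ctx.cookies.set("oidc_access_token", accessToken, {
+httpOnly: true,
+maxAge: 3e5,
+// 5 minutes — matches typical provider access token lifetime
+secure: isProduction && ctx.request.secure,
+sameSite: "lax"
+});
 const { activateUser, jwtToken } = await handleUserAuthentication(
 userService,
 oauthService2,
 roleService2,
 whitelistService2,
-
+userInfo,
 config2,
 ctx
 );
@@ -391,14 +405,26 @@ async function oidcSignInCallback(ctx) {
 async function logout(ctx) {
 const config2 = strapi.config.get("plugin::strapi-plugin-oidc");
 const logoutUrl = config2.OIDC_END_SESSION_ENDPOINT;
+const adminPanelUrl = strapi.config.get("admin.url", "/admin");
 const isOidcSession = !!ctx.cookies.get("oidc_authenticated");
+const accessToken = ctx.cookies.get("oidc_access_token");
 clearAuthCookies(strapi, ctx);
+if (logoutUrl && isOidcSession && accessToken) {
+try {
+const response = await fetch(config2.OIDC_USERINFO_ENDPOINT, {
+headers: { Authorization: `Bearer ${accessToken}` }
+});
+if (response.ok) {
+return ctx.redirect(logoutUrl);
+}
+} catch {
+}
+return ctx.redirect(`${adminPanelUrl}/auth/login`);
+}
 if (logoutUrl && isOidcSession) {
-ctx.redirect(logoutUrl);
-} else {
-const adminPanelUrl = strapi.config.get("admin.url", "/admin");
-ctx.redirect(`${adminPanelUrl}/auth/login`);
+return ctx.redirect(logoutUrl);
 }
+ctx.redirect(`${adminPanelUrl}/auth/login`);
 }
 const oidc = {
 oidcSignIn,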
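--- a/package/dist/server/index.mjs
+++ b/package/dist/server/index.mjs
@@ -216,6 +216,7 @@ function clearAuthCookies(strapi2, ctx) {
 const options2 = getExpiredCookieOptions(strapi2, ctx);
 ctx.cookies.set("strapi_admin_refresh", "", options2);
 ctx.cookies.set("oidc_authenticated", "", { ...options2, path: "/" });
+ctx.cookies.set("oidc_access_token", "", { ...options2, path: "/" });
 }
 const REQUIRED_CONFIG_KEYS = [
 "OIDC_CLIENT_ID",
@@ -297,7 +298,8 @@ async function exchangeTokenAndFetchUserInfo(config2, params, expectedNonce) {
 if (!userResponse.ok) {
 throw new Error("Failed to fetch user info");
 }
-
+const userInfo = await userResponse.json();
+return { userInfo, accessToken: tokenData.access_token };
 }
 async function registerNewUser(userService, oauthService2, roleService2, email, userResponseData, whitelistUser, config2, ctx) {
 let roles2 = [];
@@ -363,13 +365,25 @@ async function oidcSignInCallback(ctx) {
 params.append("grant_type", config2.OIDC_GRANT_TYPE);
 params.append("code_verifier", codeVerifier ?? "");
 try {
-const
+const { userInfo, accessToken } = await exchangeTokenAndFetchUserInfo(
+config2,
+params,
+oidcNonce ?? ""
+);
+const isProduction = strapi.config.get("environment") === "production";
+ctx.cookies.set("oidc_access_token", accessToken, {
+httpOnly: true,
+maxAge: 3e5,
+// 5 minutes — matches typical provider access token lifetime
+secure: isProduction && ctx.request.secure,
+sameSite: "lax"
+});
 const { activateUser, jwtToken } = await handleUserAuthentication(
 userService,
 oauthService2,
 roleService2,
 whitelistService2,
-
+userInfo,
 config2,
 ctx
 );
@@ -385,14 +399,26 @@ async function oidcSignInCallback(ctx) {
 async function logout(ctx) {
 const config2 = strapi.config.get("plugin::strapi-plugin-oidc");
 const logoutUrl = config2.OIDC_END_SESSION_ENDPOINT;
+const adminPanelUrl = strapi.config.get("admin.url", "/admin");
 const isOidcSession = !!ctx.cookies.get("oidc_authenticated");
+const accessToken = ctx.cookies.get("oidc_access_token");
 clearAuthCookies(strapi, ctx);
+if (logoutUrl && isOidcSession && accessToken) {
+try {
+const response = await fetch(config2.OIDC_USERINFO_ENDPOINT, {
+headers: { Authorization: `Bearer ${accessToken}` }
+});
+if (response.ok) {
+return ctx.redirect(logoutUrl);
+}
+} catch {
+}
+return ctx.redirect(`${adminPanelUrl}/auth/login`);
+}
 if (logoutUrl && isOidcSession) {
-ctx.redirect(logoutUrl);
-} else {
-const adminPanelUrl = strapi.config.get("admin.url", "/admin");
-ctx.redirect(`${adminPanelUrl}/auth/login`);
+return ctx.redirect(logoutUrl);
 }
+ctx.redirect(`${adminPanelUrl}/auth/login`);
 }
 const oidc = {
 oidcSignIn,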
package/package.json
CHANGED