Fix `element-desktop-ssoid being` included in OIDC Authorization call (#12495)

* Fix `element-desktop-ssoid being` included in OIDC Authorization call

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Split out oidc callback url into its own method

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix unexpected hash on oidc callback url

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Update src/BasePlatform.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
pull/28217/head
Michael Telatynski 2024-05-13 14:31:08 +01:00 committed by GitHub
parent ed7a21a63c
commit cc6958980b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 17 additions and 6 deletions

View File

@ -315,7 +315,7 @@ export default abstract class BasePlatform {
}
/**
* The URL to return to after a successful SSO/OIDC authentication
* The URL to return to after a successful SSO authentication
* @param fragmentAfterLogin optional fragment for specific view to return to
*/
public getSSOCallbackUrl(fragmentAfterLogin = ""): URL {
@ -438,7 +438,7 @@ export default abstract class BasePlatform {
return {
clientName: config.brand,
clientUri: this.baseUrl,
redirectUris: [this.getSSOCallbackUrl().href],
redirectUris: [this.getOidcCallbackUrl().href],
logoUri: new URL("vector-icons/1024.png", this.baseUrl).href,
applicationType: "web",
// XXX: We break the spec by not consistently supplying these required fields
@ -457,4 +457,15 @@ export default abstract class BasePlatform {
public getOidcClientState(): string {
return "";
}
/**
* The URL to return to after a successful OIDC authentication
*/
public getOidcCallbackUrl(): URL {
const url = new URL(window.location.href);
// The redirect URL has to exactly match that registered at the OIDC server, so
// ensure that the fragment part of the URL is empty.
url.hash = "";
return url;
}
}

View File

@ -720,7 +720,7 @@ async function createOidcTokenRefresher(credentials: IMatrixClientCreds): Promis
try {
const clientId = getStoredOidcClientId();
const idTokenClaims = getStoredOidcIdTokenClaims();
const redirectUri = PlatformPeg.get()!.getSSOCallbackUrl().href;
const redirectUri = PlatformPeg.get()!.getOidcCallbackUrl().href;
const deviceId = credentials.deviceId;
if (!deviceId) {
throw new Error("Expected deviceId in user credentials.");

View File

@ -169,7 +169,7 @@ export class OidcClientStore {
...metadata,
authority: metadata.issuer,
signingKeys,
redirect_uri: PlatformPeg.get()!.getSSOCallbackUrl().href,
redirect_uri: PlatformPeg.get()!.getOidcCallbackUrl().href,
client_id: clientId,
});
} catch (error) {

View File

@ -40,7 +40,7 @@ export const startOidcLogin = async (
identityServerUrl?: string,
isRegistration?: boolean,
): Promise<void> => {
const redirectUri = PlatformPeg.get()!.getSSOCallbackUrl().href;
const redirectUri = PlatformPeg.get()!.getOidcCallbackUrl().href;
const nonce = randomString(10);

View File

@ -44,7 +44,7 @@ describe("getOidcClientId()", () => {
return baseUrl;
},
});
Object.defineProperty(PlatformPeg.get(), "getSSOCallbackUrl", {
Object.defineProperty(PlatformPeg.get(), "getOidcCallbackUrl", {
value: () => ({
href: baseUrl,
}),