fix: pass auth type in authURL to be used in identity widget (#2920)
This commit is contained in:
committed by
Shawn Erquhart
parent
7391061b3b
commit
87b4d0f765
@ -41,7 +41,9 @@ export default class ImplicitAuthenticator {
|
|||||||
authURL.searchParams.set('redirect_uri', document.location.origin + document.location.pathname);
|
authURL.searchParams.set('redirect_uri', document.location.origin + document.location.pathname);
|
||||||
authURL.searchParams.set('response_type', 'token');
|
authURL.searchParams.set('response_type', 'token');
|
||||||
authURL.searchParams.set('scope', options.scope);
|
authURL.searchParams.set('scope', options.scope);
|
||||||
authURL.searchParams.set('state', createNonce());
|
|
||||||
|
const state = JSON.stringify({ auth_type: 'implicit', nonce: createNonce() });
|
||||||
|
authURL.searchParams.set('state', state);
|
||||||
|
|
||||||
document.location.assign(authURL.href);
|
document.location.assign(authURL.href);
|
||||||
}
|
}
|
||||||
@ -59,7 +61,8 @@ export default class ImplicitAuthenticator {
|
|||||||
|
|
||||||
const params = Map(hashParams.entries());
|
const params = Map(hashParams.entries());
|
||||||
|
|
||||||
const validNonce = validateNonce(params.get('state'));
|
const { nonce } = JSON.parse(params.get('state'));
|
||||||
|
const validNonce = validateNonce(nonce);
|
||||||
if (!validNonce) {
|
if (!validNonce) {
|
||||||
return cb(new Error('Invalid nonce'));
|
return cb(new Error('Invalid nonce'));
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user