mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
fix(oidc): session refresh failure (#3603)
This fixes an issue with OpenID Connect where refresh sessions fail to process.
This commit is contained in:
parent
b619f04771
commit
a6a05ef373
2
go.mod
2
go.mod
|
@ -22,6 +22,7 @@ require (
|
||||||
github.com/knadh/koanf v1.4.2
|
github.com/knadh/koanf v1.4.2
|
||||||
github.com/mattn/go-sqlite3 v2.0.3+incompatible
|
github.com/mattn/go-sqlite3 v2.0.3+incompatible
|
||||||
github.com/mitchellh/mapstructure v1.5.0
|
github.com/mitchellh/mapstructure v1.5.0
|
||||||
|
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
|
||||||
github.com/ory/fosite v0.42.2
|
github.com/ory/fosite v0.42.2
|
||||||
github.com/ory/herodot v0.9.13
|
github.com/ory/herodot v0.9.13
|
||||||
github.com/otiai10/copy v1.7.0
|
github.com/otiai10/copy v1.7.0
|
||||||
|
@ -76,7 +77,6 @@ require (
|
||||||
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
|
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
|
||||||
github.com/mitchellh/copystructure v1.2.0 // indirect
|
github.com/mitchellh/copystructure v1.2.0 // indirect
|
||||||
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
||||||
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
|
|
||||||
github.com/ory/go-acc v0.2.6 // indirect
|
github.com/ory/go-acc v0.2.6 // indirect
|
||||||
github.com/ory/go-convenience v0.1.0 // indirect
|
github.com/ory/go-convenience v0.1.0 // indirect
|
||||||
github.com/ory/viper v1.7.5 // indirect
|
github.com/ory/viper v1.7.5 // indirect
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
"github.com/mohae/deepcopy"
|
||||||
"github.com/ory/fosite"
|
"github.com/ory/fosite"
|
||||||
"github.com/ory/fosite/handler/openid"
|
"github.com/ory/fosite/handler/openid"
|
||||||
|
|
||||||
|
@ -40,16 +41,13 @@ func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session
|
||||||
var (
|
var (
|
||||||
subject string
|
subject string
|
||||||
sessionOpenID *OpenIDSession
|
sessionOpenID *OpenIDSession
|
||||||
|
ok bool
|
||||||
sessionData []byte
|
sessionData []byte
|
||||||
)
|
)
|
||||||
|
|
||||||
s := r.GetSession()
|
sessionOpenID, ok = r.GetSession().(*OpenIDSession)
|
||||||
|
if !ok {
|
||||||
switch t := s.(type) {
|
return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", r.GetSession())
|
||||||
case *OpenIDSession:
|
|
||||||
sessionOpenID = t
|
|
||||||
default:
|
|
||||||
return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", s)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
subject = sessionOpenID.GetSubject()
|
subject = sessionOpenID.GetSubject()
|
||||||
|
@ -163,16 +161,6 @@ type OAuth2BlacklistedJTI struct {
|
||||||
ExpiresAt time.Time `db:"expires_at"`
|
ExpiresAt time.Time `db:"expires_at"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// OpenIDSession holds OIDC Session information.
|
|
||||||
type OpenIDSession struct {
|
|
||||||
*openid.DefaultSession `json:"id_token"`
|
|
||||||
|
|
||||||
ChallengeID uuid.UUID `db:"challenge_id"`
|
|
||||||
ClientID string
|
|
||||||
|
|
||||||
Extra map[string]interface{} `json:"extra"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OAuth2Session represents a OAuth2.0 session.
|
// OAuth2Session represents a OAuth2.0 session.
|
||||||
type OAuth2Session struct {
|
type OAuth2Session struct {
|
||||||
ID int `db:"id"`
|
ID int `db:"id"`
|
||||||
|
@ -229,3 +217,22 @@ func (s OAuth2Session) ToRequest(ctx context.Context, session fosite.Session, st
|
||||||
Session: session,
|
Session: session,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OpenIDSession holds OIDC Session information.
|
||||||
|
type OpenIDSession struct {
|
||||||
|
*openid.DefaultSession `json:"id_token"`
|
||||||
|
|
||||||
|
ChallengeID uuid.UUID `db:"challenge_id"`
|
||||||
|
ClientID string
|
||||||
|
|
||||||
|
Extra map[string]interface{} `json:"extra"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Clone copies the OpenIDSession to a new fosite.Session.
|
||||||
|
func (s *OpenIDSession) Clone() fosite.Session {
|
||||||
|
if s == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return deepcopy.Copy(s).(fosite.Session)
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user