Added OpenID Connect.

flash 2025-02-25 02:29:51 +00:00
parent 24d93a5dbf
commit aaba24894c
33 changed files with 1440 additions and 131 deletions
assets/oauth2.js


@ -77,22 +77,24 @@ const MszOAuth2Authorise = async () => {
const translateError = (serverError, detail) => {
if(serverError === 'auth')
return displayError('access_denied');
if(serverError === 'csrf')
return displayError('invalid_request', 'Request verification failed.');
if(serverError === 'authorise')
return displayError('server_error', 'Server was unable to complete authorisation.');
if(serverError === 'client')
return displayError('invalid_request', 'There is no application associated with the specified Client ID.');
if(serverError === 'csrf')
return displayError('invalid_request', 'Request verification failed.');
if(serverError === 'format')
return displayError('invalid_request', 'Redirect URI specified is not registered with this application.');
if(serverError === 'method')
return displayError('invalid_request', 'Requested code challenge method is not supported.');
if(serverError === 'length')
return displayError('invalid_request', 'Code challenge length is not acceptable.');
if(serverError === 'method')
return displayError('invalid_request', 'Requested code challenge method is not supported.');
if(serverError === 'resptype')
return displayError('unsupported_response_type');
if(serverError === 'required')
return displayError('invalid_request', 'A registered redirect URI must be specified.');
if(serverError === 'scope')
return displayError('invalid_scope', detail === undefined ? undefined : `Requested scope "${detail.scope}" is ${detail.reason}.`);
if(serverError === 'authorise')
return displayError('server_error', 'Server was unable to complete authorisation.');
return displayError('invalid_request', `An unknown error occurred: ${serverError}.`);
};
@ -119,7 +121,9 @@ const MszOAuth2Authorise = async () => {
state = qState;
}
if(queryParams.get('response_type') !== 'code')
const responseTypeArr = (queryParams.get('response_type') ?? '').split(' ').sort();
const responseTypeStr = responseTypeArr.join(' ');
if(!['code', 'code id_token'].includes(responseTypeStr))
return displayError('unsupported_response_type');
let codeChallengeMethod = 'plain';
@ -176,6 +180,7 @@ const MszOAuth2Authorise = async () => {
client: queryParams.get('client_id'),
cc: codeChallenge,
ccm: codeChallengeMethod,
rt: responseTypeStr,
};
if(redirectUriRaw !== undefined)
params.redirect = redirectUriRaw;
@ -191,6 +196,8 @@ const MszOAuth2Authorise = async () => {
const authoriseUri = new URL(body.redirect);
authoriseUri.searchParams.set('code', body.code);
if(body.id_token !== undefined)
authoriseUri.searchParams.set('id_token', body.id_token);
if(state !== undefined)
authoriseUri.searchParams.set('state', state.toString());
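Review bot: The ID token is appended to the redirect URI's query string in the last hunk (`authoriseUri.searchParams.set('id_token', body.id_token)`), which exposes it to web server access logs, browser history and Referer headers on the client side. For the `code id_token` response type, the OAuth 2.0 Multiple Response Type Encoding Practices make fragment encoding the default and say query encoding must not be used. I would collect the response parameters separately and assign them to `authoriseUri.hash` whenever an ID token is present, keeping the query string for the plain `code` flow, as sketched below. Separately, no `nonce` is visible among the fields placed in `params` (that object and the enclosing function continue outside the hunks), so confirm one is forwarded to the server and bound into the ID token.

```javascript
const authoriseUri = new URL(body.redirect);
// responses carrying an ID token are fragment-encoded so the token never reaches server logs or Referer headers
const responseParams = body.id_token === undefined ? authoriseUri.searchParams : new URLSearchParams();
responseParams.set('code', body.code);
if(body.id_token !== undefined)
    responseParams.set('id_token', body.id_token);
if(state !== undefined)
    responseParams.set('state', state.toString());
if(body.id_token !== undefined)
    authoriseUri.hash = responseParams.toString();
// … unchanged: navigation to authoriseUri …
```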