24 changes: 16 additions & 8 deletions imports/plugins/core/hydra-oauth/server/oauthEndpoints.js
Expand Up @@ -41,18 +41,26 @@ WebApp.connectHandlers.use("/login", (req, res) => {
});

WebApp.connectHandlers.use("/consent", (req, res) => {
const challenge = req.query.consent_challenge;
// Here, we accept consent directly without presenting a consent form to the user
// because this was built for a trusted Consumer client.
// For non-trusted Consumer clients, this should be updated to present a Consent UI to
// the user grant or deny specific scopes
hydra
.acceptConsentRequest(challenge, {
remember: true,
remember_for: HYDRA_SESSION_LIFESPAN || 3600, // eslint-disable-line camelcase
session: {} // we are not adding any extra user, we use only the sub value already present
})
.then((consentResponse) => {
const challenge = req.query.consent_challenge;
hydra.getConsentRequest(challenge)
.then(async (response) => {
// eslint-disable-next-line camelcase
const options = { grant_scope: response.requested_scope };
// if skip is true (i.e no form UI is shown, there's no need to set `remember`)
if (!response.skip) {
// `remember` tells Hydra to remember this consent grant and reuse it if request is from
// the same user on the same client. Ideally, this should be longer than token lifespan.
// Set default is 24 hrs (set in seconds). Depending on preferred setup, you can allow
// users decide if to enable or disable
options.remember = true;
// eslint-disable-next-line camelcase
options.remember_for = HYDRA_SESSION_LIFESPAN ? Number(HYDRA_SESSION_LIFESPAN) : 86400;
}
const consentResponse = await hydra.acceptConsentRequest(challenge, options);
Logger.debug(`Consent call complete. Redirecting to: ${consentResponse.redirect_to}`);
res.writeHead(301, { Location: consentResponse.redirect_to });
return res.end();
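Review bot: The rewritten consent handler grants every scope the client asked for (`grant_scope: response.requested_scope`) to whichever client issued the consent request, and the commit removes the old comment that said this blanket acceptance was only meant for a trusted Consumer client; restore that caveat above the `getConsentRequest` call, e.g. `// Auto-accepts all requested scopes with no consent UI — only safe while every registered Hydra client is first-party; gate on the requesting client or show a consent form before onboarding third-party clients.`, and if the consent-request response exposes the requesting client, check it against an allowlist before calling `acceptConsentRequest`. `Number(HYDRA_SESSION_LIFESPAN)` sends NaN to Hydra as `remember_for` when the variable is set but not numeric; validate it first, `const lifespan = Number(HYDRA_SESSION_LIFESPAN); options.remember_for = Number.isFinite(lifespan) && lifespan > 0 ? lifespan : 86400;`. The `301` on the redirect line is unchanged by this commit but is cacheable by browsers, which is wrong for a one-time challenge redirect — a 302 or 303 is the usual choice. A missing or malformed `consent_challenge` will make `getConsentRequest` reject, and the handler's `.catch`, if there is one, lies outside the hunk, so confirm it exists and ends the response with an error status rather than leaving the request hanging.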
7 changes: 6 additions & 1 deletion imports/plugins/core/hydra-oauth/server/oauthMethods.js
Expand Up @@ -23,7 +23,12 @@ export function oauthLogin(options) {
.acceptLoginRequest(challenge, {
subject: Reaction.getUserId(),
remember,
remember_for: HYDRA_SESSION_LIFESPAN || 3600 // eslint-disable-line camelcase
// `remember` tells Hydra to remember this login and reuse it if the same user on the same
// client tries to log-in again. Ideally, this should be longer than token lifespan.
// Set default is 24 hrs (set in seconds). Depending on preferred setup, you can allow
// users decide if to enable or disable.
// eslint-disable-next-line camelcase
remember_for: HYDRA_SESSION_LIFESPAN ? Number(HYDRA_SESSION_LIFESPAN) : 86400
})
.then((response) => response.redirect_to)
.catch((error) => {
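Review bot: `Number(HYDRA_SESSION_LIFESPAN)` on the `remember_for` line yields NaN when the variable is set to a non-numeric value, and that NaN is what gets sent to Hydra as the remembered-login lifetime; validate it before use, `const lifespan = Number(HYDRA_SESSION_LIFESPAN);` and `remember_for: Number.isFinite(lifespan) && lifespan > 0 ? lifespan : 86400`. The identical expression and default now appear in the consent endpoint as well, so a small shared helper such as `getSessionLifespan()` would keep the two from drifting apart. The new comment says users could be allowed to decide whether to remember the login, but `remember` here is taken from the caller's options, so that contract belongs in the JSDoc for oauthLogin rather than in an inline note. oauthLogin starts and ends outside the hunk.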