fix(SSO/JWT): JWTのヘッダーにtyp
を追加、serviceurlパラメータに対応 (MisskeyIO#537)
parent
075ec2d7df
commit
da9530a8f7
|
@ -63,11 +63,11 @@ export class JWTIdentifyProviderService {
|
||||||
|
|
||||||
fastify.all<{
|
fastify.all<{
|
||||||
Params: { serviceId: string };
|
Params: { serviceId: string };
|
||||||
Querystring?: { return_to?: string };
|
Querystring?: { serviceurl?: string, return_to?: string };
|
||||||
Body?: { return_to?: string };
|
Body?: { serviceurl?: string, return_to?: string };
|
||||||
}>('/:serviceId', async (request, reply) => {
|
}>('/:serviceId', async (request, reply) => {
|
||||||
const serviceId = request.params.serviceId;
|
const serviceId = request.params.serviceId;
|
||||||
const returnTo = request.query?.return_to ?? request.body?.return_to;
|
const returnTo = request.query?.return_to ?? request.query?.serviceurl ?? request.body?.return_to ?? request.body?.serviceurl;
|
||||||
|
|
||||||
const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'jwt' });
|
const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'jwt' });
|
||||||
if (!ssoServiceProvider) {
|
if (!ssoServiceProvider) {
|
||||||
|
@ -193,6 +193,7 @@ export class JWTIdentifyProviderService {
|
||||||
|
|
||||||
jwt = await new jose.EncryptJWT(payload)
|
jwt = await new jose.EncryptJWT(payload)
|
||||||
.setProtectedHeader({
|
.setProtectedHeader({
|
||||||
|
typ: 'JWT',
|
||||||
alg: ssoServiceProvider.signatureAlgorithm,
|
alg: ssoServiceProvider.signatureAlgorithm,
|
||||||
enc: ssoServiceProvider.cipherAlgorithm,
|
enc: ssoServiceProvider.cipherAlgorithm,
|
||||||
})
|
})
|
||||||
|
@ -209,7 +210,10 @@ export class JWTIdentifyProviderService {
|
||||||
: jose.base64url.decode(ssoServiceProvider.publicKey);
|
: jose.base64url.decode(ssoServiceProvider.publicKey);
|
||||||
|
|
||||||
jwt = await new jose.SignJWT(payload)
|
jwt = await new jose.SignJWT(payload)
|
||||||
.setProtectedHeader({ alg: ssoServiceProvider.signatureAlgorithm })
|
.setProtectedHeader({
|
||||||
|
typ: 'JWT',
|
||||||
|
alg: ssoServiceProvider.signatureAlgorithm,
|
||||||
|
})
|
||||||
.setIssuer(ssoServiceProvider.issuer)
|
.setIssuer(ssoServiceProvider.issuer)
|
||||||
.setAudience(ssoServiceProvider.audience)
|
.setAudience(ssoServiceProvider.audience)
|
||||||
.setIssuedAt()
|
.setIssuedAt()
|
||||||
|
|
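Review bot: The new `serviceurl` fallback in the first hunk adds another caller-supplied value that can become `returnTo`, and nothing in the visible lines checks it against the `ssoServiceProvider` record loaded just below. If `returnTo` later becomes the redirect target that receives the issued JWT (that code is outside the hunk, so this is inferred), it should be compared with the URL or origin registered for the provider and rejected on mismatch, so the token cannot be sent to an unregistered destination. Separately, `??` only skips `null`/`undefined`, so an empty `return_to=` in the query string wins over a populated `serviceurl`. A comment stating the intended order would help, e.g. `// precedence: query.return_to, query.serviceurl, body.return_to, body.serviceurl`. The route handler continues past the end of the hunk.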