api: add client.autoAccept flag to not ask for authorization
This commit is contained in:
parent
9a7043ea71
commit
76620c5e8f
|
@ -15,7 +15,8 @@
|
|||
"validRedirectUris": ["http://localhost:3001/redirect"],
|
||||
"refreshTokenExpirySeconds": 604800,
|
||||
"maxScope": "*",
|
||||
"title": "OBS Portal"
|
||||
"title": "OBS Portal",
|
||||
"autoAccept": true
|
||||
},
|
||||
{
|
||||
"clientId": "a2958209-4045-4ec9-8cb3-1156abba7de3",
|
||||
|
|
|
@ -49,6 +49,8 @@ const configSchema = Joi.object({
|
|||
// scope to get a valid response. Scopes are not automatically truncated.
|
||||
// Leave empty or set to `"*"` for unlimited scopes in this client.
|
||||
maxScope: Joi.string().required(),
|
||||
|
||||
autoAccept: Joi.boolean().optional(),
|
||||
}),
|
||||
),
|
||||
}).required();
|
||||
|
|
|
@ -10,7 +10,6 @@ const config = require('../config');
|
|||
|
||||
const baseUrl = config.baseUrl.replace(/\/+$/, '');
|
||||
|
||||
|
||||
// Check whether the "bigScope" fully includes the "smallScope".
|
||||
function scopeIncludes(smallScope, bigScope) {
|
||||
const smallScopeParts = smallScope.split(/\s/);
|
||||
|
@ -174,7 +173,7 @@ router.get(
|
|||
return returnError(res, 'invalid_request', 'client_id parameter required');
|
||||
}
|
||||
|
||||
const client = await config.oAuth2Clients.find((c) => c.clientId === clientId);
|
||||
const client = config.oAuth2Clients.find((c) => c.clientId === clientId);
|
||||
if (!client) {
|
||||
return returnError(res, 'invalid_client', 'unknown client');
|
||||
}
|
||||
|
@ -234,17 +233,30 @@ router.get(
|
|||
|
||||
// Ok, let's save all this in the session, and show a dialog for the
|
||||
// decision to the user.
|
||||
//
|
||||
if (client.autoAccept) {
|
||||
const code = AuthorizationCode.generate({
|
||||
clientId,
|
||||
user: req.user,
|
||||
redirectUri,
|
||||
scope,
|
||||
codeChallenge,
|
||||
});
|
||||
await code.save();
|
||||
|
||||
req.session.authorizationTransaction = {
|
||||
responseType,
|
||||
clientId,
|
||||
redirectUri,
|
||||
scope,
|
||||
expiresAt: new Date().getTime() + 1000 * 60 * 2, // 2 minute decision time
|
||||
codeChallenge,
|
||||
};
|
||||
return redirectWithParams(res, redirectUri, { code: code.code, scope });
|
||||
} else {
|
||||
req.session.authorizationTransaction = {
|
||||
responseType,
|
||||
clientId,
|
||||
redirectUri,
|
||||
scope,
|
||||
expiresAt: new Date().getTime() + 1000 * 60 * 2, // 2 minute decision time
|
||||
codeChallenge,
|
||||
};
|
||||
|
||||
res.render('authorize', { clientTitle: client.title, scope, redirectUri });
|
||||
res.render('authorize', { clientTitle: client.title, scope, redirectUri });
|
||||
}
|
||||
} catch (err) {
|
||||
res.status(400).json({ error: 'invalid_request', error_description: 'unknown error' });
|
||||
}
|
||||
|
@ -344,7 +356,7 @@ router.get(
|
|||
return returnError(res, 'invalid_request', 'code_verifier parameter required');
|
||||
}
|
||||
|
||||
const client = await config.oAuth2Clients.find((c) => c.clientId === clientId);
|
||||
const client = config.oAuth2Clients.find((c) => c.clientId === clientId);
|
||||
|
||||
if (!client) {
|
||||
await destroyAuthCode();
|
||||
|
|
Loading…
Reference in a new issue