api: add client.autoAccept flag to not ask for authorization
This commit is contained in:
parent
9a7043ea71
commit
76620c5e8f
|
@ -15,7 +15,8 @@
|
||||||
"validRedirectUris": ["http://localhost:3001/redirect"],
|
"validRedirectUris": ["http://localhost:3001/redirect"],
|
||||||
"refreshTokenExpirySeconds": 604800,
|
"refreshTokenExpirySeconds": 604800,
|
||||||
"maxScope": "*",
|
"maxScope": "*",
|
||||||
"title": "OBS Portal"
|
"title": "OBS Portal",
|
||||||
|
"autoAccept": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"clientId": "a2958209-4045-4ec9-8cb3-1156abba7de3",
|
"clientId": "a2958209-4045-4ec9-8cb3-1156abba7de3",
|
||||||
|
|
|
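Review bot: Setting `"autoAccept": true` on a client whose `maxScope` is `"*"` means any scope that client requests is granted without the user ever seeing a consent dialog, so nothing in this entry limits what it can obtain silently. The localhost redirect URI suggests this is a sample configuration; if operators copy it as a template, I would narrow this client's `maxScope` to what the portal actually needs, or at least call out the autoAccept-plus-wildcard combination wherever the client options are documented. JSON carries no comments, so the remark has to live next to the schema or in the project's documentation rather than in this file.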
@ -49,6 +49,8 @@ const configSchema = Joi.object({
|
||||||
// scope to get a valid response. Scopes are not automatically truncated.
|
// scope to get a valid response. Scopes are not automatically truncated.
|
||||||
// Leave empty or set to `"*"` for unlimited scopes in this client.
|
// Leave empty or set to `"*"` for unlimited scopes in this client.
|
||||||
maxScope: Joi.string().required(),
|
maxScope: Joi.string().required(),
|
||||||
|
|
||||||
|
autoAccept: Joi.boolean().optional(),
|
||||||
}),
|
}),
|
||||||
),
|
),
|
||||||
}).required();
|
}).required();
|
||||||
|
|
|
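Review bot: `autoAccept` is the only option in this schema block without an explanatory comment, while the `maxScope` lines just above show the file's convention of documenting each client setting. I would add above the new line: `// Skip the user's consent dialog and issue the authorization code immediately.` followed by `// Only suitable for first-party clients: presumably every scope the client requests (within maxScope) is granted without the user seeing it.` Leaving it `.optional()` is fine, since the consumer treats an absent value as false, but the comment should say that the default is to ask. The enclosing `Joi.object` starts and ends outside the hunk.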
@ -10,7 +10,6 @@ const config = require('../config');
|
||||||
|
|
||||||
const baseUrl = config.baseUrl.replace(/\/+$/, '');
|
const baseUrl = config.baseUrl.replace(/\/+$/, '');
|
||||||
|
|
||||||
|
|
||||||
// Check whether the "bigScope" fully includes the "smallScope".
|
// Check whether the "bigScope" fully includes the "smallScope".
|
||||||
function scopeIncludes(smallScope, bigScope) {
|
function scopeIncludes(smallScope, bigScope) {
|
||||||
const smallScopeParts = smallScope.split(/\s/);
|
const smallScopeParts = smallScope.split(/\s/);
|
||||||
|
@ -174,7 +173,7 @@ router.get(
|
||||||
return returnError(res, 'invalid_request', 'client_id parameter required');
|
return returnError(res, 'invalid_request', 'client_id parameter required');
|
||||||
}
|
}
|
||||||
|
|
||||||
const client = await config.oAuth2Clients.find((c) => c.clientId === clientId);
|
const client = config.oAuth2Clients.find((c) => c.clientId === clientId);
|
||||||
if (!client) {
|
if (!client) {
|
||||||
return returnError(res, 'invalid_client', 'unknown client');
|
return returnError(res, 'invalid_client', 'unknown client');
|
||||||
}
|
}
|
||||||
|
@ -234,17 +233,30 @@ router.get(
|
||||||
|
|
||||||
// Ok, let's save all this in the session, and show a dialog for the
|
// Ok, let's save all this in the session, and show a dialog for the
|
||||||
// decision to the user.
|
// decision to the user.
|
||||||
|
//
|
||||||
|
if (client.autoAccept) {
|
||||||
|
const code = AuthorizationCode.generate({
|
||||||
|
clientId,
|
||||||
|
user: req.user,
|
||||||
|
redirectUri,
|
||||||
|
scope,
|
||||||
|
codeChallenge,
|
||||||
|
});
|
||||||
|
await code.save();
|
||||||
|
|
||||||
req.session.authorizationTransaction = {
|
return redirectWithParams(res, redirectUri, { code: code.code, scope });
|
||||||
responseType,
|
} else {
|
||||||
clientId,
|
req.session.authorizationTransaction = {
|
||||||
redirectUri,
|
responseType,
|
||||||
scope,
|
clientId,
|
||||||
expiresAt: new Date().getTime() + 1000 * 60 * 2, // 2 minute decision time
|
redirectUri,
|
||||||
codeChallenge,
|
scope,
|
||||||
};
|
expiresAt: new Date().getTime() + 1000 * 60 * 2, // 2 minute decision time
|
||||||
|
codeChallenge,
|
||||||
|
};
|
||||||
|
|
||||||
res.render('authorize', { clientTitle: client.title, scope, redirectUri });
|
res.render('authorize', { clientTitle: client.title, scope, redirectUri });
|
||||||
|
}
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
res.status(400).json({ error: 'invalid_request', error_description: 'unknown error' });
|
res.status(400).json({ error: 'invalid_request', error_description: 'unknown error' });
|
||||||
}
|
}
|
||||||
|
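Review bot: The new `client.autoAccept` branch generates and returns a code without consulting `responseType`, whereas the interactive path still records `responseType` in `req.session.authorizationTransaction`; if the consent handler that later reads that transaction is what validates it (that code is outside the hunk), the same check belongs before `AuthorizationCode.generate(...)` here, because auto-accept now bypasses that handler entirely. The bare `//` added after `// decision to the user.` reads as a leftover; I would replace it with `// Clients marked autoAccept skip the dialog and receive their code immediately.` so the comment explains the branch that follows. Since the autoAccept branch returns, the `else` wrapper is unnecessary and dropping it would keep the interactive path at its original indentation, shrinking the diff. The enclosing route handler and its `try` block start outside the hunk.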
@ -344,7 +356,7 @@ router.get(
|
||||||
return returnError(res, 'invalid_request', 'code_verifier parameter required');
|
return returnError(res, 'invalid_request', 'code_verifier parameter required');
|
||||||
}
|
}
|
||||||
|
|
||||||
const client = await config.oAuth2Clients.find((c) => c.clientId === clientId);
|
const client = config.oAuth2Clients.find((c) => c.clientId === clientId);
|
||||||
|
|
||||||
if (!client) {
|
if (!client) {
|
||||||
await destroyAuthCode();
|
await destroyAuthCode();
|
||||||
|
|