
fix(server): validate oauth profile has a sub ()

Jason Rasmussen 2025-02-08 17:01:28 -05:00 committed by GitHub
parent fb21950ad8
commit 758bcd1e97
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -43,7 +43,12 @@ export class OAuthRepository {
const params = client.callbackParams(url);
try {
const tokens = await client.callback(redirectUrl, params, { state: params.state });
return await client.userinfo<OAuthProfile>(tokens.access_token || '');
const profile = await client.userinfo<OAuthProfile>(tokens.access_token || '');
if (!profile.sub) {
throw new Error('Unexpected profile response, no `sub`');
}
return profile;
} catch (error: Error | any) {
if (error.message.includes('unexpected JWT alg received')) {
this.logger.warn(
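Review bot: The new guard `if (!profile.sub)` tests only truthiness, so a userinfo response whose `sub` is a non-string value (a number, an object) still passes and is returned as a valid profile; `if (typeof profile.sub !== 'string' || profile.sub === '')` would pin the type as well as the presence. The check also does not tie the userinfo `sub` to the ID token obtained from the same `client.callback` result, which OpenID Connect Core requires before userinfo claims are trusted; when an `id_token` is present, comparing against `tokens.claims().sub` at this point would close that gap (this looks like the openid-client v5 API, where passing the token set itself to `userinfo` should perform that comparison, but that needs confirming against the pinned version). On the same line, `tokens.access_token || ''` still issues the userinfo request with an empty bearer token when no access token came back, and failing before the request would give a clearer error than whatever the provider returns. The new `throw` sits inside the `try`, so it is handled by the `catch` whose body continues outside the hunk; whether the message reaches the caller unchanged cannot be seen from here.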