From c653e0f261d891a1fb4f1b803de0b451727e4568 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Skyler=20M=C3=A4ntysaari?=
Date: Sat, 28 Oct 2023 22:35:09 +0300
Subject: [PATCH] fix(server/oauth): Handle errors from OAuth Discovery. (#4678)
---
 server/src/domain/auth/auth.service.ts | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/server/src/domain/auth/auth.service.ts b/server/src/domain/auth/auth.service.ts
index e3b51f360f..891a093490 100644
--- a/server/src/domain/auth/auth.service.ts
+++ b/server/src/domain/auth/auth.service.ts
@@ -221,7 +221,7 @@ export class AuthService {
 }
 const client = await this.getOAuthClient(config);
- const url = await client.authorizationUrl({
+ const url = client.authorizationUrl({
 redirect_uri: this.normalize(config, dto.redirectUri),
 scope: config.oauth.scope,
 state: generators.state(),
@@ -331,13 +331,18 @@ export class AuthService {
 response_types: ['code'],
 };
- const issuer = await Issuer.discover(issuerUrl);
- const algorithms = (issuer.id_token_signing_alg_values_supported || []) as string[];
- if (algorithms[0] === 'HS256') {
- metadata.id_token_signed_response_alg = algorithms[0];
- }
+ try {
+ const issuer = await Issuer.discover(issuerUrl);
+ const algorithms = (issuer.id_token_signing_alg_values_supported || []) as string[];
+ if (algorithms[0] === 'HS256') {
+ metadata.id_token_signed_response_alg = algorithms[0];
+ }
- return new issuer.Client(metadata);
+ return new issuer.Client(metadata);
+ } catch (error: Error | any) {
+ this.logger.error(`Error in OAuth discovery: ${error}`, error?.stack);
+ throw new InternalServerErrorException(`Error in OAuth discovery: ${error}`, { cause: error });
+ }
 }
 private normalize(config: SystemConfig, redirectUri: string) {
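Review bot: The rethrown `InternalServerErrorException` in the new `catch` of the second hunk interpolates the raw discovery error into its message, and in NestJS that message is normally serialized into the HTTP response, so a failed discovery can hand the caller whatever the error text contains (issuer host, resolver or TLS failure details). The `this.logger.error` call already keeps that detail server-side, so the exception can carry a fixed string: `throw new InternalServerErrorException('Error in OAuth discovery', { cause: error });`. Separately, `error: Error | any` collapses to `any`; `catch (error: unknown)` with `error instanceof Error ? error.stack : undefined` as the logger's second argument keeps the type check. The `try` also wraps `new issuer.Client(metadata)`, so a client-construction failure would be reported as a discovery failure. The enclosing method begins above the hunk, so how its callers handle this exception is not visible here.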