mirror of
https://github.com/immich-app/immich.git
synced 2025-01-07 20:36:48 +01:00
fix(server/oauth): Handle errors from OAuth Discovery. (#4678)
This commit is contained in:
parent
f0dd1d715a
commit
c653e0f261
1 changed files with 12 additions and 7 deletions
|
@ -221,7 +221,7 @@ export class AuthService {
|
||||||
}
|
}
|
||||||
|
|
||||||
const client = await this.getOAuthClient(config);
|
const client = await this.getOAuthClient(config);
|
||||||
const url = await client.authorizationUrl({
|
const url = client.authorizationUrl({
|
||||||
redirect_uri: this.normalize(config, dto.redirectUri),
|
redirect_uri: this.normalize(config, dto.redirectUri),
|
||||||
scope: config.oauth.scope,
|
scope: config.oauth.scope,
|
||||||
state: generators.state(),
|
state: generators.state(),
|
||||||
|
@ -331,6 +331,7 @@ export class AuthService {
|
||||||
response_types: ['code'],
|
response_types: ['code'],
|
||||||
};
|
};
|
||||||
|
|
||||||
|
try {
|
||||||
const issuer = await Issuer.discover(issuerUrl);
|
const issuer = await Issuer.discover(issuerUrl);
|
||||||
const algorithms = (issuer.id_token_signing_alg_values_supported || []) as string[];
|
const algorithms = (issuer.id_token_signing_alg_values_supported || []) as string[];
|
||||||
if (algorithms[0] === 'HS256') {
|
if (algorithms[0] === 'HS256') {
|
||||||
|
@ -338,6 +339,10 @@ export class AuthService {
|
||||||
}
|
}
|
||||||
|
|
||||||
return new issuer.Client(metadata);
|
return new issuer.Client(metadata);
|
||||||
|
} catch (error: Error | any) {
|
||||||
|
this.logger.error(`Error in OAuth discovery: ${error}`, error?.stack);
|
||||||
|
throw new InternalServerErrorException(`Error in OAuth discovery: ${error}`, { cause: error });
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private normalize(config: SystemConfig, redirectUri: string) {
|
private normalize(config: SystemConfig, redirectUri: string) {
|
||||||
|
|
Loading…
Reference in a new issue