c-l/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-01-06 03:46:47 +01:00
Code Releases Activity

fix(server/oauth): Handle errors from OAuth Discovery. (#4678)

Browse source
This commit is contained in:
Skyler Mäntysaari 2023-10-28 22:35:09 +03:00 committed by GitHub
parent f0dd1d715a
commit c653e0f261
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
server/src/domain/auth/auth.service.ts
View file

@ -221,7 +221,7 @@ export class AuthService {
} }
const client = await this.getOAuthClient(config); const client = await this.getOAuthClient(config);
const url = await client.authorizationUrl({ const url = client.authorizationUrl({
redirect_uri: this.normalize(config, dto.redirectUri), redirect_uri: this.normalize(config, dto.redirectUri),
scope: config.oauth.scope, scope: config.oauth.scope,
state: generators.state(), state: generators.state(),
@ -331,13 +331,18 @@ export class AuthService {
response_types: ['code'], response_types: ['code'],
}; };
const issuer = await Issuer.discover(issuerUrl); try {
const algorithms = (issuer.id_token_signing_alg_values_supported || []) as string[]; const issuer = await Issuer.discover(issuerUrl);
if (algorithms[0] === 'HS256') { const algorithms = (issuer.id_token_signing_alg_values_supported || []) as string[];
metadata.id_token_signed_response_alg = algorithms[0]; if (algorithms[0] === 'HS256') {
} metadata.id_token_signed_response_alg = algorithms[0];
}
return new issuer.Client(metadata); return new issuer.Client(metadata);
} catch (error: Error | any) {
this.logger.error(`Error in OAuth discovery: ${error}`, error?.stack);
throw new InternalServerErrorException(`Error in OAuth discovery: ${error}`, { cause: error });
}
} }
private normalize(config: SystemConfig, redirectUri: string) { private normalize(config: SystemConfig, redirectUri: string) {