Check token response validity (references #183)
parent
c0b7af29b8
commit
ee43c5010f
|
@ -101,6 +101,7 @@ sub extractFormInfo {
|
|||
my $auth_method =
|
||||
$self->{oidcOPMetaDataOptions}->{$op}
|
||||
->{oidcOPMetaDataOptionsTokenEndpointAuthMethod};
|
||||
|
||||
my $content =
|
||||
$self->getAuthorizationCodeAccessToken( $op, $code, $auth_method );
|
||||
return PE_ERROR unless $content;
|
||||
|
@ -113,6 +114,12 @@ sub extractFormInfo {
|
|||
return PE_ERROR;
|
||||
}
|
||||
|
||||
# Check validity of token response
|
||||
unless ( $self->checkTokenResponseValidity($json) ) {
|
||||
$self->lmLog( "Token response is not valid", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
my $access_token = $json->{access_token};
|
||||
my $id_token = $json->{id_token};
|
||||
|
||||
|
|
|
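Review bot: `my $access_token = $json->{access_token};` directly after the new check still reads the access token without testing that it is present. The check as added covers only token_type and id_token, so a token response that omits access_token (REQUIRED by RFC 6749 section 5.1) is accepted as valid. Its undefined value then goes to whatever uses it further down in extractFormInfo, whose body starts and ends outside these hunks. Either add an access_token test to checkTokenResponseValidity or guard here with `return PE_ERROR unless $access_token;`. The caller also logs "Token response is not valid" after the helper has already logged the specific reason, so each rejection writes two error lines; consider logging this one at a lower level.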
@ -181,6 +181,30 @@ sub getAuthorizationCodeAccessToken {
|
|||
return $response->decoded_content;
|
||||
}
|
||||
|
||||
## @method boolean checkTokenResponseValidity(HashRef json)
|
||||
# Check validity of Token Response
|
||||
# @param json JSON HashRef
|
||||
# return boolean 1 if the response is valid, 0 else
|
||||
sub checkTokenResponseValidity {
|
||||
my ( $self, $json ) = splice @_;
|
||||
|
||||
# token_type MUST be Bearer
|
||||
unless ( $json->{token_type} eq "Bearer" ) {
|
||||
$self->lmLog(
|
||||
"Token type is " . $json->{token_type} . " but must be Bearer",
|
||||
'error' );
|
||||
return 0;
|
||||
}
|
||||
|
||||
# id_token MUST be present
|
||||
unless ( $json->{id_token} ) {
|
||||
$self->lmLog( "No id_token", 'error' );
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
## @method String getUserInfo(String op, String access_token)
|
||||
# Get UserInfo response
|
||||
# @param op OpenIP Provider configuration key
|
||||
|
@ -533,6 +557,10 @@ Build Authentication Request URI for Authorization Code Flow
|
|||
|
||||
Get Token response with autorization code
|
||||
|
||||
=head2 checkTokenResponseValidity
|
||||
|
||||
Check validity of Token Response
|
||||
|
||||
=head2 getUserInfo
|
||||
|
||||
Get UserInfo response
|
||||
|
|
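Review bot: `unless ( $json->{token_type} eq "Bearer" )` in checkTokenResponseValidity compares case-sensitively and assumes the key exists. RFC 6749 section 5.1 defines the token_type value as case insensitive, so a provider that answers `bearer` is rejected. A response with no token_type also triggers uninitialized-value warnings, both in the comparison and in the log concatenation. Normalise before comparing, e.g. `my $token_type = defined $json->{token_type} ? lc $json->{token_type} : '';` followed by `unless ( $token_type eq 'bearer' ) {`. The value written to the error log comes straight from the remote provider's response, so quote it or strip control characters before logging to keep forged log lines out.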