Check token response validity (references #183)
parent
c0b7af29b8
commit
ee43c5010f
|
@ -101,6 +101,7 @@ sub extractFormInfo {
|
||||||
my $auth_method =
|
my $auth_method =
|
||||||
$self->{oidcOPMetaDataOptions}->{$op}
|
$self->{oidcOPMetaDataOptions}->{$op}
|
||||||
->{oidcOPMetaDataOptionsTokenEndpointAuthMethod};
|
->{oidcOPMetaDataOptionsTokenEndpointAuthMethod};
|
||||||
|
|
||||||
my $content =
|
my $content =
|
||||||
$self->getAuthorizationCodeAccessToken( $op, $code, $auth_method );
|
$self->getAuthorizationCodeAccessToken( $op, $code, $auth_method );
|
||||||
return PE_ERROR unless $content;
|
return PE_ERROR unless $content;
|
||||||
|
@ -113,6 +114,12 @@ sub extractFormInfo {
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Check validity of token response
|
||||||
|
unless ( $self->checkTokenResponseValidity($json) ) {
|
||||||
|
$self->lmLog( "Token response is not valid", 'error' );
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
my $access_token = $json->{access_token};
|
my $access_token = $json->{access_token};
|
||||||
my $id_token = $json->{id_token};
|
my $id_token = $json->{id_token};
|
||||||
|
|
||||||
|
|
|
@ -181,6 +181,30 @@ sub getAuthorizationCodeAccessToken {
|
||||||
return $response->decoded_content;
|
return $response->decoded_content;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## @method boolean checkTokenResponseValidity(HashRef json)
|
||||||
|
# Check validity of Token Response
|
||||||
|
# @param json JSON HashRef
|
||||||
|
# return boolean 1 if the response is valid, 0 else
|
||||||
|
sub checkTokenResponseValidity {
|
||||||
|
my ( $self, $json ) = splice @_;
|
||||||
|
|
||||||
|
# token_type MUST be Bearer
|
||||||
|
unless ( $json->{token_type} eq "Bearer" ) {
|
||||||
|
$self->lmLog(
|
||||||
|
"Token type is " . $json->{token_type} . " but must be Bearer",
|
||||||
|
'error' );
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
# id_token MUST be present
|
||||||
|
unless ( $json->{id_token} ) {
|
||||||
|
$self->lmLog( "No id_token", 'error' );
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
## @method String getUserInfo(String op, String access_token)
|
## @method String getUserInfo(String op, String access_token)
|
||||||
# Get UserInfo response
|
# Get UserInfo response
|
||||||
# @param op OpenIP Provider configuration key
|
# @param op OpenIP Provider configuration key
|
||||||
|
@ -533,6 +557,10 @@ Build Authentication Request URI for Authorization Code Flow
|
||||||
|
|
||||||
Get Token response with autorization code
|
Get Token response with autorization code
|
||||||
|
|
||||||
|
=head2 checkTokenResponseValidity
|
||||||
|
|
||||||
|
Check validity of Token Response
|
||||||
|
|
||||||
=head2 getUserInfo
|
=head2 getUserInfo
|
||||||
|
|
||||||
Get UserInfo response
|
Get UserInfo response
|
||||||
|
|
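Review bot: The token_type test in checkTokenResponseValidity compares with `eq "Bearer"` on a value that may be absent or differently cased: an OP that omits token_type produces "uninitialized value" warnings in both the comparison and the concatenated log message, and OAuth 2.0 (RFC 6749 §5.1) defines token_type as case-insensitive, so a response carrying `bearer` is rejected as invalid. Suggest `my $token_type = $json->{token_type} || '';` followed by `unless ( lc($token_type) eq 'bearer' ) {` and logging `$token_type` instead of the raw hash value. The routine also never checks that `access_token` is present, although extractFormInfo reads `$json->{access_token}` immediately after the new validity check passes; a third guard of the same shape as the id_token one, `unless ( $json->{access_token} )`, would make the documented "response is valid" contract hold. This method validates only the shape of the response; signature and claim checks on id_token are presumably performed elsewhere and are not visible in this commit.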