Fix #2708
parent
d843bea529
commit
fd8c3b1b61
|
@ -19,9 +19,8 @@ extends qw(
|
||||||
|
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
has opList => ( is => 'rw', default => sub { [] } );
|
has opList => ( is => 'rw', isa => 'ArrayRef', default => sub { [] } );
|
||||||
has opNumber => ( is => 'rw', default => 0 );
|
has path => ( is => 'rw', default => 'oauth2' );
|
||||||
has path => ( is => 'rw', default => 'oauth2' );
|
|
||||||
|
|
||||||
use constant sessionKind => 'OIDC';
|
use constant sessionKind => 'OIDC';
|
||||||
|
|
||||||
|
@ -36,7 +35,6 @@ sub init {
|
||||||
$self->logger->error("No OP configured");
|
$self->logger->error("No OP configured");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
$self->opNumber( scalar @tab );
|
|
||||||
my @list = ();
|
my @list = ();
|
||||||
my $portalPath = $self->conf->{portal};
|
my $portalPath = $self->conf->{portal};
|
||||||
|
|
||||||
|
@ -242,7 +240,7 @@ sub extractFormInfo {
|
||||||
$self->logger->debug("Redirecting user to OP list");
|
$self->logger->debug("Redirecting user to OP list");
|
||||||
|
|
||||||
# Auto select provider if there is only one
|
# Auto select provider if there is only one
|
||||||
if ( $self->opNumber == 1 ) {
|
if ( @{ $self->opList } == 1 ) {
|
||||||
$op = $self->opList->[0]->{val};
|
$op = $self->opList->[0]->{val};
|
||||||
$self->logger->debug("Selecting the only defined OP: $op");
|
$self->logger->debug("Selecting the only defined OP: $op");
|
||||||
}
|
}
|
||||||
|
|
|
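Review bot: The auto-select test in extractFormInfo now counts the entries of `opList` rather than the configured OPs, but the code in init that fills `@list` lies outside the hunk. It is therefore not visible whether an OP whose metadata failed to parse, which loadOPs now skips with a warning, can still end up in that list. If it can, a single misconfigured OP would be auto-selected and the user sent into buildAuthorizationCodeAuthnRequest, which then fails on the missing `authorization_endpoint`. Stating the invariant next to the attribute would help, e.g. `# opList: OPs offered to the user; extractFormInfo auto-selects when it holds exactly one entry`, and init should be confirmed to build the list only from OPs present in `oidcOPList`.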
@ -86,10 +86,16 @@ sub loadOPs {
|
||||||
|
|
||||||
# Extract JSON data
|
# Extract JSON data
|
||||||
foreach ( keys %{ $self->conf->{oidcOPMetaDataJSON} } ) {
|
foreach ( keys %{ $self->conf->{oidcOPMetaDataJSON} } ) {
|
||||||
$self->oidcOPList->{$_}->{conf} =
|
my $op_conf =
|
||||||
$self->decodeJSON( $self->conf->{oidcOPMetaDataJSON}->{$_} );
|
$self->decodeJSON( $self->conf->{oidcOPMetaDataJSON}->{$_} );
|
||||||
$self->oidcOPList->{$_}->{jwks} =
|
if ($op_conf) {
|
||||||
$self->decodeJSON( $self->conf->{oidcOPMetaDataJWKS}->{$_} );
|
$self->oidcOPList->{$_}->{conf} = $op_conf;
|
||||||
|
$self->oidcOPList->{$_}->{jwks} =
|
||||||
|
$self->decodeJSON( $self->conf->{oidcOPMetaDataJWKS}->{$_} );
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->logger->warn("Could not parse OIDC metadata for $_");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set rule
|
# Set rule
|
||||||
|
@ -319,6 +325,14 @@ sub buildAuthorizationCodeAuthnRequest {
|
||||||
|
|
||||||
my $authorize_uri =
|
my $authorize_uri =
|
||||||
$self->oidcOPList->{$op}->{conf}->{authorization_endpoint};
|
$self->oidcOPList->{$op}->{conf}->{authorization_endpoint};
|
||||||
|
|
||||||
|
unless ($authorize_uri) {
|
||||||
|
$self->logger->error(
|
||||||
|
"Could not build Authorize request: no
|
||||||
|
'authorization_endpoint'" . " in JSON metadata for OP $op"
|
||||||
|
);
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
my $client_id =
|
my $client_id =
|
||||||
$self->conf->{oidcOPMetaDataOptions}->{$op}
|
$self->conf->{oidcOPMetaDataOptions}->{$op}
|
||||||
->{oidcOPMetaDataOptionsClientID};
|
->{oidcOPMetaDataOptionsClientID};
|
||||||
|
@ -482,6 +496,14 @@ sub getAuthorizationCodeAccessToken {
|
||||||
my $redirect_uri = $self->getCallbackUri($req);
|
my $redirect_uri = $self->getCallbackUri($req);
|
||||||
my $access_token_uri =
|
my $access_token_uri =
|
||||||
$self->oidcOPList->{$op}->{conf}->{token_endpoint};
|
$self->oidcOPList->{$op}->{conf}->{token_endpoint};
|
||||||
|
unless ($access_token_uri) {
|
||||||
|
$self->logger->error(
|
||||||
|
"Could not build Token request: no
|
||||||
|
'token_endpoint'" . " in JSON metadata for OP $op"
|
||||||
|
);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
my $grant_type = "authorization_code";
|
my $grant_type = "authorization_code";
|
||||||
|
|
||||||
unless ( $auth_method =~ /^client_secret_(basic|post)$/o ) {
|
unless ( $auth_method =~ /^client_secret_(basic|post)$/o ) {
|
||||||
|
|
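Review bot: In loadOPs the new `if ($op_conf)` guard covers only the metadata document, while the result of decoding `oidcOPMetaDataJWKS` is still stored unchecked. A key set that is configured but fails to parse therefore leaves the OP registered with an undefined `jwks` and no warning from this loop. Whether that is harmless depends on how signature verification treats a missing key set, which this commit does not show; a line such as `$self->logger->warn("Could not parse OIDC JWKS for $_")` when the configured value is non-empty but decodes to nothing would make the condition visible to operators. Separately, the new error strings in buildAuthorizationCodeAuthnRequest and getAuthorizationCodeAccessToken each contain a line break inside the literal, so every such log entry is split across two lines; keeping each literal on one line avoids that. The first function returns `undef` and the second `0`, so callers outside these hunks need to test for a false value before using the result as a redirect URL or token response.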