Merge pull request #270 from authorizerdev/fix/oauth-provider

fix(server): authorizer openid flow

Author: lakhansamani

.github/workflows/release.yaml

@@ -2,16 +2,16 @@ on:
   workflow_dispatch:
     inputs:
       logLevel:
-        description: "Log level"
+        description: 'Log level'
         required: true
-        default: "warning"
+        default: 'warning'
         type: choice
         options:
           - info
           - warning
           - debug
       tags:
-        description: "Tags"
+        description: 'Tags'
         required: false
         type: boolean
   release:
@@ -25,7 +25,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v2
         with:
-          node-version: "16"
+          node-version: '16'
       - # Add support for more platforms with QEMU (optional)
         # https://github.com/docker/setup-qemu-action
         name: Set up QEMU
@@ -36,7 +36,7 @@ jobs:
           platforms: linux/amd64,linux/arm64
       - uses: actions/setup-go@v2
         with:
-          go-version: "^1.17.3"
+          go-version: '^1.19.1'
       - name: Install dependencies
         run: |
           sudo apt-get install build-essential wget zip  libc6-dev-arm64-cross && \

app/.prettierrc.json

@@ -2,5 +2,5 @@
 	"tabWidth": 2,
 	"singleQuote": true,
 	"trailingComma": "all",
-	"useTabs": false
+	"useTabs": true
 }

app/package-lock.json

@@ -6,13 +6,13 @@
 	"scripts": {
 		"build": "rm -rf build && NODE_ENV=production node ./esbuild.config.js",
 		"start": "NODE_ENV=development node ./esbuild.config.js",
-		"format": "prettier --write --use-tabs 'src/**/*.(ts|tsx|js|jsx)'"
+		"format": "prettier --write 'src/**/*.(ts|tsx|js|jsx)'"
 	},
 	"keywords": [],
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^1.1.2",
+		"@authorizerdev/authorizer-react": "^1.1.3",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",

app/package.json

@@ -38,6 +38,8 @@ export default function Root({
 	const scope = searchParams.get('scope')
 		? searchParams.get('scope')?.toString().split(' ')
 		: ['openid', 'profile', 'email'];
+	const code = searchParams.get('code') || '';
+	const nonce = searchParams.get('nonce') || '';
 
 	const urlProps: Record<string, any> = {
 		state,
@@ -58,9 +60,19 @@ export default function Root({
 		if (token) {
 			let redirectURL = config.redirectURL || '/app';
 			let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
+
+			if (code !== '') {
+				params += `&code=${code}`;
+			}
+
+			if (nonce !== '') {
+				params += `&nonce=${nonce}`;
+			}
+
 			if (token.refresh_token) {
 				params += `&refresh_token=${token.refresh_token}`;
 			}
+
 			const url = new URL(redirectURL);
 			if (redirectURL.includes('?')) {
 				redirectURL = `${redirectURL}&${params}`;
@@ -74,7 +86,7 @@ export default function Root({
 			}
 		}
 		return () => {};
-	}, [token]);
+	}, [token, config]);
 
 	if (loading) {
 		return <h1>Loading...</h1>;
@@ -100,7 +112,7 @@ export default function Root({
 						<Route path="/app" exact>
 							<Login urlProps={urlProps} />
 						</Route>
-						<Route path="/app/signup" exact>
+						<Route path="/app/signup">
 							<SignUp urlProps={urlProps} />
 						</Route>
 						<Route path="/app/reset-password">

app/src/Root.tsx

@@ -2,5 +2,5 @@
 	"tabWidth": 2,
 	"singleQuote": true,
 	"trailingComma": "all",
-	"useTabs": false
+	"useTabs": true
 }

dashboard/.prettierrc.json

@@ -0,0 +1,19 @@
+package constants
+
+const (
+	// - query: for Authorization Code grant. 302 Found triggers redirect.
+	ResponseModeQuery = "query"
+	// - fragment: for Implicit grant. 302 Found triggers redirect.
+	ResponseModeFragment = "fragment"
+	// - form_post: 200 OK with response parameters embedded in an HTML form as hidden parameters.
+	ResponseModeFormPost = "form_post"
+	// - web_message: For Silent Authentication. Uses HTML5 web messaging.
+	ResponseModeWebMessage = "web_message"
+
+	// For the Authorization Code grant, use response_type=code to include the authorization code.
+	ResponseTypeCode = "code"
+	// For the Implicit grant, use response_type=token to include an access token.
+	ResponseTypeToken = "token"
+	// For the Implicit grant of id_token, use response_type=id_token to include an identifier token.
+	ResponseTypeIDToken = "id_token"
+)

server/constants/oauth2.go

@@ -7,9 +7,8 @@ require (
 	github.com/arangodb/go-driver v1.2.1
 	github.com/aws/aws-sdk-go v1.44.109
 	github.com/coreos/go-oidc/v3 v3.1.0
-	github.com/denisenkom/go-mssqldb v0.11.0 // indirect
 	github.com/gin-gonic/gin v1.8.1
-	github.com/glebarez/sqlite v1.5.0 // indirect
+	github.com/glebarez/sqlite v1.5.0
 	github.com/go-playground/validator/v10 v10.11.1 // indirect
 	github.com/go-redis/redis/v8 v8.11.0
 	github.com/goccy/go-json v0.9.11 // indirect
@@ -19,7 +18,6 @@ require (
 	github.com/google/uuid v1.3.0
 	github.com/guregu/dynamo v1.16.0
 	github.com/joho/godotenv v1.3.0
-	github.com/mitchellh/gox v1.0.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f