mirror of https://github.com/logto-io/logto.git synced 2025-01-20 21:32:31 -05:00

refactor: throw an error when requesting invalid scope (#94)

Gao Sun 2021-08-28 10:50:38 +08:00 committed by GitHub
parent 4ac3f7b39b
commit 625520d75a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 4 deletions


@ -14,9 +14,10 @@ export default function sessionRoutes(router: Router, provider: Provider) {
'/session',
koaGuard({ body: object({ username: string().optional(), password: string().optional() }) }),
async (ctx, next) => {
const interaction = await provider.interactionDetails(ctx.req, ctx.res);
const {
prompt: { name },
} = await provider.interactionDetails(ctx.req, ctx.res);
} = interaction;
if (name === 'login') {
const { username, password } = ctx.guard.body;
@ -64,9 +65,23 @@ export default function sessionRoutes(router: Router, provider: Provider) {
);
router.post('/session/consent', async (ctx, next) => {
const { session, grantId, params, prompt } = await provider.interactionDetails(
ctx.req,
ctx.res
const interaction = await provider.interactionDetails(ctx.req, ctx.res);
const { session, grantId, params, prompt } = interaction;
const { scope } = object({
scope: string().optional(),
}).parse(params);
// LOG-49: Connect and check scope with resource indicators
const scopes = scope?.split(' ') ?? [];
const invalidScopes = scopes.filter((scope) => !['openid', 'offline_access'].includes(scope));
assert(
invalidScopes.length === 0,
new RequestError({
code: 'oidc.invalid_scope',
count: invalidScopes.length,
scopes: invalidScopes.join(', '),
})
);
assert(session, 'Session not found');
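Review bot: In the `/session/consent` hunk, `scope?.split(' ') ?? []` turns an empty `scope` string into `['']` and repeated spaces into empty tokens, and each of those fails the `['openid', 'offline_access']` check, so if the provider passes such a value through, the request is rejected with `oidc.invalid_scope` and a blank scope name. Dropping empty tokens first avoids that: `const scopes = scope?.split(' ').filter(Boolean) ?? [];`. The rejected values originate from the client's authorization request and are copied into the error text through `scopes: invalidScopes.join(', ')`, so whatever renders that message should treat it as untrusted text; how it is rendered is not visible here. The handler body continues past the end of the hunk.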


@ -25,6 +25,8 @@ const errors = {
},
oidc: {
aborted: 'The end-user aborted interaction.',
invalid_scope: 'Scope {{scopes}} is not supported.',
invalid_scope_plural: 'Scope {{scopes}} are not supported.',
},
user: {
username_exists: 'The username already exists.',


@ -27,6 +27,8 @@ const errors = {
},
oidc: {
aborted: '用户终止了交互。',
invalid_scope: '不支持的 scope: {{scopes}}。',
invalid_scope_plural: '不支持的 scope: {{scopes}}。',
},
user: {
username_exists: '用户名已存在。',