refactor: throw an error when requesting invalid scope (#94)
This commit is contained in:
parent
4ac3f7b39b
commit
625520d75a
3 changed files with 23 additions and 4 deletions
@ -14,9 +14,10 @@ export default function sessionRoutes(router: Router, provider: Provider) {
|
|||
'/session',
|
||||
koaGuard({ body: object({ username: string().optional(), password: string().optional() }) }),
|
||||
async (ctx, next) => {
|
||||
const interaction = await provider.interactionDetails(ctx.req, ctx.res);
|
||||
const {
|
||||
prompt: { name },
|
||||
} = await provider.interactionDetails(ctx.req, ctx.res);
|
||||
} = interaction;
|
||||
|
||||
if (name === 'login') {
|
||||
const { username, password } = ctx.guard.body;
|
||||
|
@ -64,9 +65,23 @@ export default function sessionRoutes(router: Router, provider: Provider) {
|
|||
);
|
||||
|
||||
router.post('/session/consent', async (ctx, next) => {
|
||||
const { session, grantId, params, prompt } = await provider.interactionDetails(
|
||||
ctx.req,
|
||||
ctx.res
|
||||
const interaction = await provider.interactionDetails(ctx.req, ctx.res);
|
||||
const { session, grantId, params, prompt } = interaction;
|
||||
|
||||
const { scope } = object({
|
||||
scope: string().optional(),
|
||||
}).parse(params);
|
||||
|
||||
// LOG-49: Connect and check scope with resource indicators
|
||||
const scopes = scope?.split(' ') ?? [];
|
||||
const invalidScopes = scopes.filter((scope) => !['openid', 'offline_access'].includes(scope));
|
||||
assert(
|
||||
invalidScopes.length === 0,
|
||||
new RequestError({
|
||||
code: 'oidc.invalid_scope',
|
||||
count: invalidScopes.length,
|
||||
scopes: invalidScopes.join(', '),
|
||||
})
|
||||
);
|
||||
|
||||
assert(session, 'Session not found');
|
||||
|
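Review bot: The allow-list check on the new `invalidScopes` line flags anything that is not `openid` or `offline_access`, including the empty strings that `scope?.split(' ')` yields for doubled or trailing spaces, so a loosely delimited but otherwise valid scope string is rejected with an error naming an empty scope; `const scopes = scope?.trim().split(/\s+/).filter(Boolean) ?? [];` avoids that (assuming oidc-provider has not already normalized `params.scope` — worth confirming). The callback parameter in `scopes.filter((scope) => …)` shadows the destructured `scope` string from the line above; renaming it, e.g. `(candidate) => …`, keeps the two apart. The rejected values are echoed verbatim through `scopes: invalidScopes.join(', ')`, and they originate in the client's authorization request, so consider truncating the list or capping its length before interpolation so an oversized scope parameter does not become an oversized error payload. The `LOG-49` comment marks the hard-coded list as interim; note also that a scope rejected here is only caught at consent time, after the user has already authenticated, rather than when the authorization request is first received. The enclosing `router.post('/session/consent', …)` handler continues past the hunk.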
|
|
@ -25,6 +25,8 @@ const errors = {
|
|||
},
|
||||
oidc: {
|
||||
aborted: 'The end-user aborted interaction.',
|
||||
invalid_scope: 'Scope {{scopes}} is not supported.',
|
||||
invalid_scope_plural: 'Scope {{scopes}} are not supported.',
|
||||
},
|
||||
user: {
|
||||
username_exists: 'The username already exists.',
|
||||
|
|
|
@ -27,6 +27,8 @@ const errors = {
|
|||
},
|
||||
oidc: {
|
||||
aborted: '用户终止了交互。',
|
||||
invalid_scope: '不支持的 scope: {{scopes}}。',
|
||||
invalid_scope_plural: '不支持的 scope: {{scopes}}。',
|
||||
},
|
||||
user: {
|
||||
username_exists: '用户名已存在。',
|
||||
|
|