refactor: throw an error when requesting invalid scope (#94)
This commit is contained in:
parent
4ac3f7b39b
commit
625520d75a
3 changed files with 23 additions and 4 deletions
|
@ -14,9 +14,10 @@ export default function sessionRoutes(router: Router, provider: Provider) {
|
||||||
'/session',
|
'/session',
|
||||||
koaGuard({ body: object({ username: string().optional(), password: string().optional() }) }),
|
koaGuard({ body: object({ username: string().optional(), password: string().optional() }) }),
|
||||||
async (ctx, next) => {
|
async (ctx, next) => {
|
||||||
|
const interaction = await provider.interactionDetails(ctx.req, ctx.res);
|
||||||
const {
|
const {
|
||||||
prompt: { name },
|
prompt: { name },
|
||||||
} = await provider.interactionDetails(ctx.req, ctx.res);
|
} = interaction;
|
||||||
|
|
||||||
if (name === 'login') {
|
if (name === 'login') {
|
||||||
const { username, password } = ctx.guard.body;
|
const { username, password } = ctx.guard.body;
|
||||||
|
@ -64,9 +65,23 @@ export default function sessionRoutes(router: Router, provider: Provider) {
|
||||||
);
|
);
|
||||||
|
|
||||||
router.post('/session/consent', async (ctx, next) => {
|
router.post('/session/consent', async (ctx, next) => {
|
||||||
const { session, grantId, params, prompt } = await provider.interactionDetails(
|
const interaction = await provider.interactionDetails(ctx.req, ctx.res);
|
||||||
ctx.req,
|
const { session, grantId, params, prompt } = interaction;
|
||||||
ctx.res
|
|
||||||
|
const { scope } = object({
|
||||||
|
scope: string().optional(),
|
||||||
|
}).parse(params);
|
||||||
|
|
||||||
|
// LOG-49: Connect and check scope with resource indicators
|
||||||
|
const scopes = scope?.split(' ') ?? [];
|
||||||
|
const invalidScopes = scopes.filter((scope) => !['openid', 'offline_access'].includes(scope));
|
||||||
|
assert(
|
||||||
|
invalidScopes.length === 0,
|
||||||
|
new RequestError({
|
||||||
|
code: 'oidc.invalid_scope',
|
||||||
|
count: invalidScopes.length,
|
||||||
|
scopes: invalidScopes.join(', '),
|
||||||
|
})
|
||||||
);
|
);
|
||||||
|
|
||||||
assert(session, 'Session not found');
|
assert(session, 'Session not found');
|
||||||
|
|
|
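Review bot: `scope?.split(' ')` in the consent hunk produces empty tokens whenever the scope string has a doubled, leading or trailing space, so a request like `scope=openid  offline_access` is rejected with an invalid scope whose name is `''` in the error message; splitting on whitespace and dropping empties avoids that: `const scopes = scope?.split(/\s+/).filter(Boolean) ?? [];`. The filter callback also names its parameter `scope`, shadowing the `scope` destructured from the zod parse two lines earlier, which `(s) => !['openid', 'offline_access'].includes(s)` would avoid. `object({ scope: string().optional() }).parse(params)` presumably throws a zod error rather than a `RequestError` when `scope` is present but not a string, so that path would not produce the `oidc.invalid_scope` response this commit introduces — worth confirming that is intended. The `/session/consent` handler continues outside the hunk.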
@ -25,6 +25,8 @@ const errors = {
|
||||||
},
|
},
|
||||||
oidc: {
|
oidc: {
|
||||||
aborted: 'The end-user aborted interaction.',
|
aborted: 'The end-user aborted interaction.',
|
||||||
|
invalid_scope: 'Scope {{scopes}} is not supported.',
|
||||||
|
invalid_scope_plural: 'Scope {{scopes}} are not supported.',
|
||||||
},
|
},
|
||||||
user: {
|
user: {
|
||||||
username_exists: 'The username already exists.',
|
username_exists: 'The username already exists.',
|
||||||
|
|
|
@ -27,6 +27,8 @@ const errors = {
|
||||||
},
|
},
|
||||||
oidc: {
|
oidc: {
|
||||||
aborted: '用户终止了交互。',
|
aborted: '用户终止了交互。',
|
||||||
|
invalid_scope: '不支持的 scope: {{scopes}}。',
|
||||||
|
invalid_scope_plural: '不支持的 scope: {{scopes}}。',
|
||||||
},
|
},
|
||||||
user: {
|
user: {
|
||||||
username_exists: '用户名已存在。',
|
username_exists: '用户名已存在。',
|
||||||
|
|