Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-30 20:33:54 -05:00
Code Issues Activity

feat(core): add error_code_key query string param (#6519)

Browse source 
* feat(core): add error_key query string param
feat(core): add error_key query string param
add error_key query string param

 Please enter the commit message for your changes. Lines starting

* chore(core): rename

rename the query param name

* fix(core): safe parse

safe parse

* chore: add changeset

add changeset
This commit is contained in:
simeng-li 2024-08-27 14:15:40 +08:00 committed by GitHub
parent 0fec957d70
commit 6951e31578
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 43 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
.changeset/tiny-fishes-bake.md Normal file
View file

@ -0,0 +1,26 @@
---
"@logto/core": patch
---
introduce new `error_code_key` query parameter in the `koaErrorHandler`.
By default, Logto uses `code` as the error code key in the error response body.
For some third-party connectors, like Google, `code` is considered as a reserved OIDC key,
can't be used as the error code key in the error response body. Any oidc error response body containing `code` will be rejected by Google.
To workaround this, we introduce a new `error_code_key` query parameter to customize the error code key in the error response body.
In the oidc requests, if the `error_code_key` is present in the query string, we will use the value of `error_code_key` as the error code key in the error response body.
example:
```curl
curl -X POST "http://localhost:3001/oidc/token?error_code_key=error_code"
```
```json
{
"error_code": "oidc.invalid_grant",
"error": "invalid_grant",
"error_description": "Invalid value for parameter 'code': 'invalid_code'."
}
```

18
packages/core/src/middleware/koa-oidc-error-handler.ts
View file

@ -82,6 +82,7 @@ const isSessionNotFound = (description?: string) =>
* @see {@link errorUris} for the list of error URIs. * @see {@link errorUris} for the list of error URIs.
*/ */
export default function koaOidcErrorHandler<StateT, ContextT>(): Middleware<StateT, ContextT> { export default function koaOidcErrorHandler<StateT, ContextT>(): Middleware<StateT, ContextT> {
// eslint-disable-next-line complexity
return async (ctx, next) => { return async (ctx, next) => {
try { try {
await next(); await next();
@ -114,8 +115,23 @@ export default function koaOidcErrorHandler<StateT, ContextT>(): Middleware<Stat
: `oidc.${data.error}`; : `oidc.${data.error}`;
const uri = errorUris[data.error]; const uri = errorUris[data.error];
// Parse the `error_code_key` from the query string.
// This is used to customize the error key in the response body.
// For some third-party connectors, like Google, `code` is considered as a reserved OIDC key,
// can't be used as the error code key in the error response body.
// We add `error_code_key` to the query string to customize the error key in the response body.
const errorKeyQueryResult = z
.object({
error_code_key: z.string().optional(),
})
.safeParse(ctx.query);
const errorKey = errorKeyQueryResult.success
? errorKeyQueryResult.data.error_code_key ?? 'code'
: 'code';
ctx.body = { ctx.body = {
code, [errorKey]: code,
message: i18next.t(['errors:' + code, 'errors:oidc.provider_error_fallback'], { code }), message: i18next.t(['errors:' + code, 'errors:oidc.provider_error_fallback'], { code }),
error_uri: uri, error_uri: uri,
...ctx.body, ...ctx.body,