mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
fix(core): fix protected app callback uri (#5308)
This commit is contained in:
parent
880e890321
commit
8fb032da7a
7 changed files with 21 additions and 9 deletions
|
@ -13,6 +13,7 @@ import type {
|
|||
} from '@logto/schemas';
|
||||
import { RoleType, ApplicationType, LogtoOidcConfigKey, DomainStatus } from '@logto/schemas';
|
||||
|
||||
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||
import { mockId } from '#src/test-utils/nanoid.js';
|
||||
|
||||
export * from './connector.js';
|
||||
|
@ -54,7 +55,7 @@ export const mockProtectedApplication: Omit<Application, 'protectedAppMetadata'>
|
|||
type: ApplicationType.Protected,
|
||||
description: null,
|
||||
oidcClientMetadata: {
|
||||
redirectUris: ['https://mock.protected.dev/callback'],
|
||||
redirectUris: [`https://mock.protected.dev/${protectedAppSignInCallbackUrl}`],
|
||||
postLogoutRedirectUris: ['https://mock.protected.dev'],
|
||||
},
|
||||
customClientMetadata: {
|
||||
|
|
1
packages/core/src/constants/index.ts
Normal file
1
packages/core/src/constants/index.ts
Normal file
|
@ -0,0 +1 @@
|
|||
export const protectedAppSignInCallbackUrl = 'sign-in-callback';
|
|
@ -7,6 +7,7 @@ import {
|
|||
mockCustomDomain,
|
||||
mockProtectedApplication,
|
||||
} from '#src/__mocks__/index.js';
|
||||
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||
import RequestError from '#src/errors/RequestError/index.js';
|
||||
import {
|
||||
defaultProtectedAppPageRules,
|
||||
|
@ -172,7 +173,7 @@ describe('checkAndBuildProtectedAppData()', () => {
|
|||
pageRules: defaultProtectedAppPageRules,
|
||||
},
|
||||
oidcClientMetadata: {
|
||||
redirectUris: [`https://${host}/callback`],
|
||||
redirectUris: [`https://${host}/${protectedAppSignInCallbackUrl}`],
|
||||
postLogoutRedirectUris: [`https://${host}`],
|
||||
},
|
||||
});
|
||||
|
|
|
@ -6,6 +6,7 @@ import {
|
|||
} from '@logto/schemas';
|
||||
import { isValidSubdomain } from '@logto/shared';
|
||||
|
||||
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||
import { EnvSet, getTenantEndpoint } from '#src/env-set/index.js';
|
||||
import RequestError from '#src/errors/RequestError/index.js';
|
||||
import {
|
||||
|
@ -197,7 +198,7 @@ export const createProtectedAppLibrary = (queries: Queries) => {
|
|||
pageRules: defaultProtectedAppPageRules,
|
||||
},
|
||||
oidcClientMetadata: {
|
||||
redirectUris: [`https://${host}/callback`],
|
||||
redirectUris: [`https://${host}/${protectedAppSignInCallbackUrl}`],
|
||||
postLogoutRedirectUris: [`https://${host}`],
|
||||
},
|
||||
};
|
||||
|
|
|
@ -9,6 +9,7 @@ import { MockTenant } from '#src/test-utils/tenant.js';
|
|||
const { jest } = import.meta;
|
||||
|
||||
const mockDomain = 'app.example.com';
|
||||
const protectedAppSignInCallbackUrl = 'sign-in-callback';
|
||||
|
||||
const updateApplicationById = jest.fn();
|
||||
const findApplicationById = jest.fn(async () => mockProtectedApplication);
|
||||
|
@ -109,8 +110,8 @@ describe('application protected app metadata routes', () => {
|
|||
`https://${mockDomain}`,
|
||||
],
|
||||
redirectUris: [
|
||||
`https://${mockProtectedApplication.protectedAppMetadata.host}/callback`,
|
||||
`https://${mockDomain}/callback`,
|
||||
`https://${mockProtectedApplication.protectedAppMetadata.host}/${protectedAppSignInCallbackUrl}`,
|
||||
`https://${mockDomain}/${protectedAppSignInCallbackUrl}`,
|
||||
],
|
||||
},
|
||||
});
|
||||
|
@ -169,7 +170,9 @@ describe('application protected app metadata routes', () => {
|
|||
},
|
||||
oidcClientMetadata: {
|
||||
postLogoutRedirectUris: [`https://${mockProtectedApplication.protectedAppMetadata.host}`],
|
||||
redirectUris: [`https://${mockProtectedApplication.protectedAppMetadata.host}/callback`],
|
||||
redirectUris: [
|
||||
`https://${mockProtectedApplication.protectedAppMetadata.host}/${protectedAppSignInCallbackUrl}`,
|
||||
],
|
||||
},
|
||||
});
|
||||
expect(deleteDomainFromRemote).toHaveBeenCalledWith(mockCloudflareData.id);
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import { customDomainsGuard } from '@logto/schemas';
|
||||
import { z } from 'zod';
|
||||
|
||||
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||
import RequestError from '#src/errors/RequestError/index.js';
|
||||
import koaGuard from '#src/middleware/koa-guard.js';
|
||||
import assertThat from '#src/utils/assert-that.js';
|
||||
|
@ -94,7 +95,10 @@ export default function applicationProtectedAppMetadataRoutes<T extends AuthedRo
|
|||
await updateApplicationById(id, {
|
||||
protectedAppMetadata: { ...protectedAppMetadata, customDomains: [customDomain] },
|
||||
oidcClientMetadata: {
|
||||
redirectUris: [...oidcClientMetadata.redirectUris, `https://${domain}/callback`],
|
||||
redirectUris: [
|
||||
...oidcClientMetadata.redirectUris,
|
||||
`https://${domain}/${protectedAppSignInCallbackUrl}`,
|
||||
],
|
||||
postLogoutRedirectUris: [
|
||||
...oidcClientMetadata.postLogoutRedirectUris,
|
||||
`https://${domain}`,
|
||||
|
@ -153,7 +157,7 @@ export default function applicationProtectedAppMetadataRoutes<T extends AuthedRo
|
|||
oidcClientMetadata: {
|
||||
...oidcClientMetadata,
|
||||
redirectUris: oidcClientMetadata.redirectUris.filter(
|
||||
(uri) => uri !== `https://${domain}/callback`
|
||||
(uri) => uri !== `https://${domain}/${protectedAppSignInCallbackUrl}`
|
||||
),
|
||||
postLogoutRedirectUris: oidcClientMetadata.postLogoutRedirectUris.filter(
|
||||
(uri) => uri !== `https://${domain}`
|
||||
|
|
|
@ -8,6 +8,7 @@ import {
|
|||
mockCustomDomain,
|
||||
mockProtectedApplication,
|
||||
} from '#src/__mocks__/index.js';
|
||||
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||
import { mockId, mockIdGenerators } from '#src/test-utils/nanoid.js';
|
||||
import { createMockQuotaLibrary } from '#src/test-utils/quota.js';
|
||||
import { MockTenant } from '#src/test-utils/tenant.js';
|
||||
|
@ -137,7 +138,7 @@ describe('application route', () => {
|
|||
type,
|
||||
protectedAppMetadata,
|
||||
oidcClientMetadata: {
|
||||
redirectUris: [`https://${protectedAppMetadata.host}/callback`],
|
||||
redirectUris: [`https://${protectedAppMetadata.host}/${protectedAppSignInCallbackUrl}`],
|
||||
postLogoutRedirectUris: [`https://${protectedAppMetadata.host}`],
|
||||
},
|
||||
});
|
||||
|
|
Loading…
Reference in a new issue