Commita8433b1

authored

fix: Prevent infinite redirects on oidc errors (#6550)

* fix: Prevent infinite redirects on bad oidc scopes* Show oidc errors

1 parent4a07fcd commita8433b1Copy full SHA for a8433b1

File tree

+22

-0

lines changed

+22

-0

lines changed

Lines changed: 22 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,28 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)`
`56`	`56`	`return`
`57`	`57`	`}`
`58`	`58`
	`59`	`+// OIDC errors can be returned as query parameters. This can happen`
	`60`	`+// if for example we are providing and invalid scope.`
	`61`	`+// We should terminate the OIDC process if we encounter an error.`
	`62`	`+oidcError:=r.URL.Query().Get("error")`
	`63`	`+errorDescription:=r.URL.Query().Get("error_description")`
	`64`	`+errorURI:=r.URL.Query().Get("error_uri")`
	`65`	`+ifoidcError!="" {`
	`66`	`+// Combine the errors into a single string if either is provided.`
	`67`	`+iferrorDescription==""&&errorURI!="" {`
	`68`	`+errorDescription=fmt.Sprintf("error_uri: %s",errorURI)`
	`69`	`+}elseiferrorDescription!=""&&errorURI!="" {`
	`70`	`+errorDescription=fmt.Sprintf("%s, error_uri: %s",errorDescription,errorURI)`
	`71`	`+}`
	`72`	`+oidcError=fmt.Sprintf("Encountered error in oidc process: %s",oidcError)`
	`73`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`74`	`+Message:oidcError,`
	`75`	`+// This message might be blank. This is ok.`
	`76`	`+Detail:errorDescription,`
	`77`	`+})`
	`78`	`+return`
	`79`	`+}`
	`80`	`+`
`59`	`81`	`code:=r.URL.Query().Get("code")`
`60`	`82`	`state:=r.URL.Query().Get("state")`
`61`	`83`

Comments

(0)