generate the code later

2024-07-05 16:46:55 +02:00 · 2023-06-23 01:53:27 +02:00 · 2023-06-23 01:53:27 +02:00 · daa18efc99
parent 0b3fd09bb0
commit daa18efc99
2 changed files with 5 additions and 3 deletions
--- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts
+++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
@ -238,14 +238,14 @@ export class OAuth2ProviderService {
 			used?: boolean,
 		}>(1000 * 60 * 5); // expires after 5m

-		// https://datatracker.ietf.org/doc/html/rfc7636.html
+		// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics
+		// Authorization servers MUST support PKCE [RFC7636].
 		this.#server.grant(oauth2Pkce.extensions());
 		this.#server.grant(oauth2orize.grant.code({
 			modes: getQueryMode(config.url),
 		}, (client, redirectUri, token, ares, areq, locals, done) => {
 			(async (): Promise<OmitFirstElement<Parameters<typeof done>>> => {
 				this.#logger.info(`Checking the user before sending authorization code to ${client.id}`);
-				const code = secureRndstr(128, true);

 				if (!token) {
 					throw new AuthorizationError('No user', 'invalid_request');
@ -257,6 +257,8 @@ export class OAuth2ProviderService {
 				}

 				this.#logger.info(`Sending authorization code on behalf of user ${user.id} to ${client.id} through ${redirectUri}, with scope: [${areq.scope}]`);
+
+				const code = secureRndstr(128, true);
 				grantCodeCache.set(code, {
 					clientId: client.id,
 					userId: user.id,
--- a/packages/frontend/src/pages/oauth.vue
+++ b/packages/frontend/src/pages/oauth.vue
@ -1,7 +1,7 @@
 <template>
 <MkStickyContainer>
 	<template #header><MkPageHeader :actions="headerActions" :tabs="headerTabs"/></template>
-	<MkSpacer :content-max="800">
+	<MkSpacer :contentMax="800">
 		<div v-if="$i">
 			<div v-if="_permissions.length > 0">
 				<p v-if="name">{{ i18n.t('_auth.permission', { name }) }}</p>