yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Azure single-tenant SSO tokens are unable to refresh (#5551)

Browse Source
This commit is contained in:
Tom Moor
2023-07-11 18:59:28 -04:00
committed by GitHub
parent 5ae4834333
commit c56add74c6
3 changed files with 42 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
server/utils/azure.ts
View File

@@ -1,9 +1,36 @@
import JWT from "jsonwebtoken";
import env from "@server/env";
import OAuthClient from "./oauth";
type AzurePayload = {
/* A GUID that represents the Azure AD tenant that the user is from */
tid: string;
};
export default class AzureClient extends OAuthClient {
endpoints = {
authorize: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
token: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
userinfo: "https://graph.microsoft.com/v1.0/me",
};
async rotateToken(
accessToken: string,
refreshToken: string
): Promise<{
accessToken: string;
refreshToken?: string;
expiresAt: Date;
}> {
if (env.isCloudHosted()) {
return super.rotateToken(accessToken, refreshToken);
}
const payload = JWT.decode(accessToken) as AzurePayload;
return super.rotateToken(
accessToken,
refreshToken,
`https://login.microsoftonline.com/${payload.tid}/oauth2/v2.0/token`
);
}
}

15
server/utils/oauth.ts
View File

@@ -1,4 +1,5 @@
import fetch from "fetch-with-proxy";
import Logger from "@server/logging/Logger";
import { AuthenticationError, InvalidRequestError } from "../errors";
export default abstract class OAuthClient {
@@ -41,18 +42,22 @@ export default abstract class OAuthClient {
return data;
};
rotateToken = async (
refreshToken: string
async rotateToken(
_accessToken: string,
refreshToken: string,
endpoint = this.endpoints.token
): Promise<{
accessToken: string;
refreshToken?: string;
expiresAt: Date;
}> => {
}> {
let data;
let response;
try {
response = await fetch(this.endpoints.token, {
Logger.debug("utils", "Rotating token", { endpoint });
response = await fetch(endpoint, {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
@@ -79,5 +84,5 @@ export default abstract class OAuthClient {
accessToken: data.access_token,
expiresAt: new Date(Date.now() + data.expires_in * 1000),
};
};
}
}