resave: true,
saveUninitialized: false
})
);
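// Serve the static landing page. The path is built from path segments instead of
// string concatenation so path.join normalises the separators on every platform;
// the target is a fixed file under __dirname, so no request input reaches sendFile.
app.get("/", (req, res) => {
  res.sendFile(path.join(__dirname, "public", "index.html"));
});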
// Auth
// Issuer performs OIDC discovery; Strategy is the passport strategy exported by openid-client.
let { Issuer, Strategy } = require("openid-client");
// Create issuer representing delegated authorization server
let theURL; // declared here, not assigned within the visible part of the file
let theClient; // declared here, not assigned within the visible part of the file
Issuer.discover("http://localhost:3100") // => Promise
.then(issuer => {
console.log("Discovered issuer %s %O", issuer.issuer, issuer.metadata);
console.log("[Client] OIDC Server Found");
// TODO: Cleanup
// Setup client stuff
const client = new issuer.Client({
client_id: "RST",
client_secret: "RomeoSierraTango",
grant_types: ["authorization_code"],
response_types: ["code"],
token_endpoint_auth_method: "none",
id_token_signed_response_alg: "RS256",
token_endpoint_auth_method: "client_secret_basic"
}); // => Client
if (!isOidcEnabled) {
return;
}
debug('OidcStrategy: setting up..');
// setup client
// extend oidc request timeouts
OIDCIssuer.defaultHttpOptions = { timeout: 5000 };
const issuerHost = configManager.getConfig('crowi', 'security:passport-oidc:issuerHost');
const clientId = configManager.getConfig('crowi', 'security:passport-oidc:clientId');
const clientSecret = configManager.getConfig('crowi', 'security:passport-oidc:clientSecret');
const redirectUri = (configManager.getConfig('crowi', 'app:siteUrl') != null)
? urljoin(this.crowi.appService.getSiteUrl(), '/passport/oidc/callback')
: configManager.getConfig('crowi', 'security:passport-oidc:callbackUrl'); // DEPRECATED: backward compatible with v3.2.3 and below
const oidcIssuer = await OIDCIssuer.discover(issuerHost);
debug('Discovered issuer %s %O', oidcIssuer.issuer, oidcIssuer.metadata);
const client = new oidcIssuer.Client({
client_id: clientId,
client_secret: clientSecret,
redirect_uris: [redirectUri],
response_types: ['code'],
});
passport.use('oidc', new OidcStrategy({
client,
params: { scope: 'openid email profile' },
},
((tokenset, userinfo, done) => {
if (userinfo) {
return done(null, userinfo);
/**
 * Returns the OIDC issuer, performing discovery on first use and caching the
 * result on `this._issuer` for later calls.
 *
 * NOTE(review): the return type appears to have lost its type argument
 * (probably `Promise<Issuer>`) when the snippet was extracted — confirm against
 * the original source.
 *
 * @param requestContext - entered before any async work so that the request
 *   context is current for the discovery call.
 */
private async getIssuer(requestContext: ClientRequestContext): Promise {
  requestContext.enter();
  if (!this._issuer) {
    // Discovery URL comes from getUrl; the discovered metadata is trusted as-is.
    const discoveryUrl = await this.getUrl(requestContext);
    this._issuer = await Issuer.discover(discoveryUrl);
  }
  return this._issuer;
}
/**
 * Runs OIDC discovery against `url` and returns the promise openid-client gives back.
 * No validation of `url` happens here; callers decide where the discovery URL comes from.
 */
function discoverIssuer(url) {
  const discovery = Issuer.discover(url);
  return discovery;
}
/**
 * Lazily resolves the OIDC issuer and memoises it on `this.issuer`.
 *
 * When `oidc.issuerConfig` is non-empty the issuer is constructed statically from
 * it; otherwise metadata is fetched from `oidc.discoveryUrl`. Both values are read
 * from `this.oidc` via lodash `get`, so a missing `oidc` object yields undefined
 * rather than a throw here (openid-client decides what to do with it).
 */
private getIssuer = async () => {
  if (!this.issuer) {
    const issuerConfig = get(this.oidc, 'issuerConfig');
    const discoveryUrl = get(this.oidc, 'discoveryUrl');
    if (isEmpty(issuerConfig)) {
      // No static configuration: trust the discovery document at discoveryUrl.
      this.issuer = await Issuer.discover(discoveryUrl);
    } else {
      this.issuer = new Issuer(issuerConfig);
    }
  }
  return this.issuer;
}
/**
 * Discovers the issuer at OIDC_URL and returns a client bound to it.
 *
 * Credentials are taken from the module-level OIDC_CLIENT_ID / OIDC_SECRET
 * constants; no redirect_uris are registered on the client here.
 */
async function getOidcProvider() {
  const discovered = await Issuer.discover(OIDC_URL);
  const clientConfig = { client_id: OIDC_CLIENT_ID, client_secret: OIDC_SECRET };
  return new discovered.Client(clientConfig);
}
issuer = await asyncRetry(async () =>
Issuer.discover(config.Auth.dfeSignIn.authUrl), asyncRetry.strategies.apiStrategy)
} catch (error) {
/**
 * Resolves the issuer for this plugin, served from the server cache when present.
 *
 * The cache key is "issuer:" + md5(discover_url); note the hash is computed even
 * when discover_url is unset (presumably md5 of undefined/"" then — verify).
 * With a discover_url the issuer is discovered remotely, otherwise it is built
 * manually from plugin.config.issuer. Either result is cached for
 * ISSUER_CACHE_DURATION.
 */
async get_issuer() {
  const { server, config } = this;
  const discover_url = config.issuer.discover_url;
  const cache_key = "issuer:" + server.utils.md5(discover_url);

  const cached = server.cache.get(cache_key);
  if (cached !== undefined) {
    return cached;
  }

  let issuer;
  if (discover_url) {
    issuer = await Issuer.discover(discover_url);
  } else {
    issuer = new Issuer(config.issuer);
    server.logger.verbose(
      "manual issuer %s %O",
      issuer.issuer,
      issuer.metadata
    );
  }
  server.cache.set(cache_key, issuer, ISSUER_CACHE_DURATION);
  return issuer;
}