Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change sso callback verification #1092

Merged
merged 4 commits into from
Jul 11, 2023
Merged

Change sso callback verification #1092

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2462998
Change token parsing for sso
gaspergrom Jul 11, 2023
742932f
Fix formatting
gaspergrom Jul 11, 2023
ab54a36
Revert activity debugging
gaspergrom Jul 11, 2023
6bb47c1
Fix typescript issues
gaspergrom Jul 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions backend/config/custom-environment-variables.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,8 +181,7 @@
"secretAccessKey": "CROWD_OPENSEARCH_AWS_SECRET_ACCESS_KEY"
},
"auth0": {
"domain": "CROWD_AUTH0_DOMAIN",
"clientId": "CROWD_AUTH0_CLIENT_ID",
"cert": "CROWD_AUTH0_CERT"
"jwks": "CROWD_AUTH0_JWKS"
}
}
113 changes: 113 additions & 0 deletions backend/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions backend/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@
"html-to-text": "^8.2.1",
"json2csv": "^5.0.7",
"jsonwebtoken": "8.5.1",
"jwks-rsa": "^3.0.1",
"lodash": "4.17.21",
"moment": "2.29.4",
"moment-timezone": "^0.5.34",
Expand Down
27 changes: 20 additions & 7 deletions backend/src/api/auth/ssoCallback.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,31 +1,44 @@
import jwt from 'jsonwebtoken'
import jwksClient from 'jwks-rsa'
import AuthService from '../../services/auth/authService'
import { AUTH0_CONFIG } from '../../conf'
import Error401 from '../../errors/Error401'

const jwks = jwksClient({
jwksUri: AUTH0_CONFIG.jwks,
cache: true,
cacheMaxEntries: 5,
cacheMaxAge: 86400000,
themarolt marked this conversation as resolved.
Show resolved Hide resolved
})

async function getKey(header, callback) {
jwks.getSigningKey(header.kid, (err, key: any) => {
const signingKey = key.publicKey || key.rsaPublicKey
callback(null, signingKey)
})
}

export default async (req, res) => {
const { idToken, invitationToken, tenantId } = req.body

try {
const verifyToken = new Promise((resolve, reject) => {
const publicKey = AUTH0_CONFIG.cert.replaceAll('"', '').replace(/\\n/g, '\n')
jwt.verify(idToken, publicKey, { algorithms: ['RS256'] }, (err, decoded) => {
// If error verifying token
jwt.verify(idToken, getKey, { algorithms: ['RS256'] }, (err, decoded) => {
if (err) {
reject(new Error401())
}

// If token matches auth0 validation criteria
const { aud, iss } = decoded as any
if (aud !== AUTH0_CONFIG.clientId || !iss.includes(AUTH0_CONFIG.domain)) {
const { aud } = decoded as any

if (aud !== AUTH0_CONFIG.clientId) {
reject(new Error401())
}

// If token validation passed
resolve(decoded)
})
})
const data: any = await verifyToken

// Signin with data
const token: string = await AuthService.signinFromSSO(
'auth0',
Expand Down
3 changes: 1 addition & 2 deletions backend/src/conf/configTypes.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,9 +79,8 @@ export interface ApiConfiguration {
}

export interface Auth0Configuration {
domain: string
clientId: string
cert: string
jwks: string
}

export interface PlansConfiguration {
Expand Down
Loading