fix(SSO/JWT): JWTのヘッダーに`typ`を追加、serviceurlパラメータに対応 (MisskeyIO#537)

This commit is contained in:
まっちゃとーにゅ 2024-03-19 06:32:50 +09:00 committed by GitHub
parent 075ec2d7df
commit da9530a8f7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 4 deletions


@ -63,11 +63,11 @@ export class JWTIdentifyProviderService {
fastify.all<{ fastify.all<{
Params: { serviceId: string }; Params: { serviceId: string };
Querystring?: { return_to?: string }; Querystring?: { serviceurl?: string, return_to?: string };
Body?: { return_to?: string }; Body?: { serviceurl?: string, return_to?: string };
}>('/:serviceId', async (request, reply) => { }>('/:serviceId', async (request, reply) => {
const serviceId = request.params.serviceId; const serviceId = request.params.serviceId;
const returnTo = request.query?.return_to ?? request.body?.return_to; const returnTo = request.query?.return_to ?? request.query?.serviceurl ?? request.body?.return_to ?? request.body?.serviceurl;
const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'jwt' }); const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'jwt' });
if (!ssoServiceProvider) { if (!ssoServiceProvider) {
@ -193,6 +193,7 @@ export class JWTIdentifyProviderService {
jwt = await new jose.EncryptJWT(payload) jwt = await new jose.EncryptJWT(payload)
.setProtectedHeader({ .setProtectedHeader({
typ: 'JWT',
alg: ssoServiceProvider.signatureAlgorithm, alg: ssoServiceProvider.signatureAlgorithm,
enc: ssoServiceProvider.cipherAlgorithm, enc: ssoServiceProvider.cipherAlgorithm,
}) })
@ -209,7 +210,10 @@ export class JWTIdentifyProviderService {
: jose.base64url.decode(ssoServiceProvider.publicKey); : jose.base64url.decode(ssoServiceProvider.publicKey);
jwt = await new jose.SignJWT(payload) jwt = await new jose.SignJWT(payload)
.setProtectedHeader({ alg: ssoServiceProvider.signatureAlgorithm }) .setProtectedHeader({
typ: 'JWT',
alg: ssoServiceProvider.signatureAlgorithm,
})
.setIssuer(ssoServiceProvider.issuer) .setIssuer(ssoServiceProvider.issuer)
.setAudience(ssoServiceProvider.audience) .setAudience(ssoServiceProvider.audience)
.setIssuedAt() .setIssuedAt()
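Review bot: The new `returnTo` line in the first hunk falls through with `??`, so a present-but-empty `return_to=` in the query yields `''` and `serviceurl` is never consulted, and the chosen order also makes `request.query.serviceurl` silently outrank `request.body.return_to` when both are sent, which is nowhere documented. Consider `const returnTo = [request.query?.return_to, request.query?.serviceurl, request.body?.return_to, request.body?.serviceurl].find((v) => typeof v === 'string' && v !== '');` together with a comment such as `// serviceurl is accepted as an alias of return_to (MisskeyIO#537); query parameters take precedence over body fields`. Because this widens the set of client-controlled fields that select the post-login destination, it is worth confirming that the value is still validated against the provider's registered return URL before any redirect is issued — that check, if it exists, lies outside this hunk, as does the remainder of the route handler. The `typ: 'JWT'` additions in the other two hunks are consistent across the sign and encrypt branches and raise nothing.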