fix: Lazy initialize OIDC client (#947)

server/api/controllers/access-tokens/exchange-using-oidc.js

@@ -3,6 +3,9 @@ const { v4: uuid } = require('uuid');
 const { getRemoteAddress } = require('../../../utils/remoteAddress');
 
 const Errors = {
+  INVALID_OIDC_CONFIGURATION: {
+    invalidOIDCConfiguration: 'Invalid OIDC configuration',
+  },
   INVALID_CODE_OR_NONCE: {
     invalidCodeOrNonce: 'Invalid code or nonce',
   },
@@ -37,6 +40,9 @@ module.exports = {
   },
 
   exits: {
+    invalidOIDCConfiguration: {
+      responseType: 'serverError',
+    },
     invalidCodeOrNonce: {
       responseType: 'unauthorized',
     },
@@ -63,6 +69,7 @@ module.exports = {
         sails.log.warn(`Invalid code or nonce! (IP: ${remoteAddress})`);
         return Errors.INVALID_CODE_OR_NONCE;
       })
+      .intercept('invalidOIDCConfiguration', () => Errors.INVALID_OIDC_CONFIGURATION)
       .intercept('invalidUserinfoConfiguration', () => Errors.INVALID_USERINFO_CONFIGURATION)
       .intercept('emailAlreadyInUse', () => Errors.EMAIL_ALREADY_IN_USE)
       .intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE)

server/api/controllers/show-config.js

@@ -1,8 +1,26 @@
+const Errors = {
+  INVALID_OIDC_CONFIGURATION: {
+    invalidOidcConfiguration: 'Invalid OIDC configuration',
+  },
+};
+
 module.exports = {
-  fn() {
+  exits: {
+    invalidOidcConfiguration: {
+      responseType: 'serverError',
+    },
+  },
+
+  async fn() {
     let oidc = null;
     if (sails.hooks.oidc.isActive()) {
-      const oidcClient = sails.hooks.oidc.getClient();
+      let oidcClient;
+      try {
+        oidcClient = await sails.hooks.oidc.getClient();
+      } catch (error) {
+        sails.log.warn(`Error while initializing OIDC client: ${error}`);
+        throw Errors.INVALID_OIDC_CONFIGURATION;
+      }
 
       const authorizationUrlParams = {
         scope: sails.config.custom.oidcScopes,

server/api/helpers/users/get-or-create-one-using-oidc.js

@@ -11,6 +11,7 @@ module.exports = {
   },
 
   exits: {
+    invalidOIDCConfiguration: {},
     invalidCodeOrNonce: {},
     invalidUserinfoConfiguration: {},
     missingValues: {},
@@ -19,7 +20,13 @@ module.exports = {
   },
 
   async fn(inputs) {
-    const client = sails.hooks.oidc.getClient();
+    let client;
+    try {
+      client = await sails.hooks.oidc.getClient();
+    } catch (error) {
+      sails.log.warn(`Error while initializing OIDC client: ${error}`);
+      throw 'invalidOIDCConfiguration';
+    }
 
     let tokenSet;
     try {

server/api/hooks/oidc/index.js

@@ -15,13 +15,17 @@ module.exports = function defineOidcHook(sails) {
     /**
      * Runs when this Sails app loads/lifts.
      */
-
     async initialize() {
-      if (!sails.config.custom.oidcIssuer) {
+      if (!this.isActive()) {
         return;
       }
 
       sails.log.info('Initializing custom hook (`oidc`)');
+    },
+
+    async getClient() {
+      if (client === null && this.isActive()) {
+        sails.log.info('Initializing OIDC client');
 
         const issuer = await openidClient.Issuer.discover(sails.config.custom.oidcIssuer);
 
@@ -38,14 +42,13 @@ module.exports = function defineOidcHook(sails) {
         }
 
         client = new issuer.Client(metadata);
-    },
+      }
 
-    getClient() {
       return client;
     },
 
     isActive() {
-      return client !== null;
+      return sails.config.custom.oidcIssuer !== undefined;
     },
   };
 };