feat: Improve OIDC support for strict providers (#824)

2025-07-24 15:49:46 +02:00 · 2024-07-16 12:19:27 +02:00 · 2024-07-16 12:19:27 +02:00 · d45cbeb0fb
commit d45cbeb0fb
parent 042ab0a63a
5 changed files with 34 additions and 6 deletions
--- a/server/api/helpers/users/get-or-create-one-using-oidc.js
+++ b/server/api/helpers/users/get-or-create-one-using-oidc.js
@ -11,6 +11,7 @@ module.exports = {
  },

  exits: {
+    invalidUserInfoSignature: {},
    invalidCodeOrNonce: {},
    missingValues: {},
    emailAlreadyInUse: {},
@ -34,6 +35,10 @@ module.exports = {
      );
      userInfo = await client.userinfo(tokenSet);
    } catch (e) {
+      if (e instanceof SyntaxError && e.message.includes('Unexpected token e in JSON at position 0')) {
+        sails.log.warn('Error while exchanging OIDC code: userInfo response is signed.');
+        throw 'invalidUserInfoSignature';
+      }
      sails.log.warn(`Error while exchanging OIDC code: ${e}`);
      throw 'invalidCodeOrNonce';
    }