OIDC: update to oidc-client-ts functions from js-sdk (#11193)

* test util for oidcclientconfigs * rename type and lint * correct oidc test util * store issuer and clientId pre auth navigation * update for js-sdk userstate, tidy
2023-07-10 12:57:16 +12:00
parent 1a75d5d869
commit 01bd80fe59
5 changed files with 91 additions and 78 deletions
--- a/src/utils/oidc/authorize.ts
+++ b/src/utils/oidc/authorize.ts
@@ -14,34 +14,9 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-import {
-    AuthorizationParams,
-    generateAuthorizationParams,
-    generateAuthorizationUrl,
-} from "matrix-js-sdk/src/oidc/authorize";
-
-import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
-
-/**
- * Store authorization params for retrieval when returning from OIDC OP
- * @param authorizationParams from `generateAuthorizationParams`
- * @param delegatedAuthConfig used for future interactions with OP
- * @param clientId this client's id as registered with configured issuer
- * @param homeserver target homeserver
- */
-const storeAuthorizationParams = (
-    { redirectUri, state, nonce, codeVerifier }: AuthorizationParams,
-    { issuer }: ValidatedDelegatedAuthConfig,
-    clientId: string,
-    homeserver: string,
-): void => {
-    window.sessionStorage.setItem(`oidc_${state}_nonce`, nonce);
-    window.sessionStorage.setItem(`oidc_${state}_redirectUri`, redirectUri);
-    window.sessionStorage.setItem(`oidc_${state}_codeVerifier`, codeVerifier);
-    window.sessionStorage.setItem(`oidc_${state}_clientId`, clientId);
-    window.sessionStorage.setItem(`oidc_${state}_issuer`, issuer);
-    window.sessionStorage.setItem(`oidc_${state}_homeserver`, homeserver);
-};
+import { OidcClientConfig } from "matrix-js-sdk/src/autodiscovery";
+import { generateOidcAuthorizationUrl } from "matrix-js-sdk/src/oidc/authorize";
+import { randomString } from "matrix-js-sdk/src/randomstring";

 /**
 * Start OIDC authorization code flow
@@ -49,25 +24,28 @@ const storeAuthorizationParams = (
 * Navigates to configured authorization endpoint
 * @param delegatedAuthConfig from discovery
 * @param clientId this client's id as registered with configured issuer
- * @param homeserver target homeserver
+ * @param homeserverUrl target homeserver
+ * @param identityServerUrl OPTIONAL target identity server
 * @returns Promise that resolves after we have navigated to auth endpoint
 */
 export const startOidcLogin = async (
-    delegatedAuthConfig: ValidatedDelegatedAuthConfig,
+    delegatedAuthConfig: OidcClientConfig,
    clientId: string,
-    homeserver: string,
+    homeserverUrl: string,
+    identityServerUrl?: string,
 ): Promise<void> => {
-    // TODO(kerrya) afterloginfragment https://github.com/vector-im/element-web/issues/25656
    const redirectUri = window.location.origin;
-    const authParams = generateAuthorizationParams({ redirectUri });

-    storeAuthorizationParams(authParams, delegatedAuthConfig, clientId, homeserver);
+    const nonce = randomString(10);

-    const authorizationUrl = await generateAuthorizationUrl(
-        delegatedAuthConfig.authorizationEndpoint,
+    const authorizationUrl = await generateOidcAuthorizationUrl({
+        metadata: delegatedAuthConfig.metadata,
+        redirectUri,
        clientId,
-        authParams,
-    );
+        homeserverUrl,
+        identityServerUrl,
+        nonce,
+    });

    window.location.href = authorizationUrl;
 };