| author | mo khan <mo@mokhan.ca> | 2025-03-12 16:15:20 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-12 16:15:20 -0600 |
| commit | 9b267c499709472cd20d95df76b53fc6c571e797 (patch) | |
| tree | 695d20441792f97bdc374196c8f6d98ba89ca9a7 /bin/ui | |
| parent | f62507b993e42c1d3fc96b2cafdcac51259b7ab0 (diff) | |
feat: require a login before authorizing an auth grant
Diffstat (limited to 'bin/ui')
| -rwxr-xr-x | bin/ui | 31 |
1 files changed, 21 insertions, 10 deletions
@@ -20,6 +20,8 @@ $port = ENV.fetch("PORT", 8283).to_i
 $host = ENV.fetch("HOST", "localhost:#{$port}")
 $idp_host = ENV.fetch("IDP_HOST", "localhost:8282")
 
+Net::Hippie.logger = Logger.new($stdout, level: :debug)
+
 class OnDemandRegistry < Saml::Kit::DefaultRegistry
 def metadata_for(entity_id)
 found = super(entity_id)
@@ -90,16 +92,25 @@ class UI
 end
 
 def oauth_callback(request)
- response = Net::Hippie.default_client.post(
- "http://#{$idp_host}/oauth/token",
- headers: { 'Authorization' => Net::Hippie.basic_auth('client_id', 'secret') },
- body: {
- grant_type: "authorization_code",
- code: request.params['code'],
- code_verifier: "not_implemented"
- }
- )
- [200, { "Content-Type" => "application/json" }, [JSON.pretty_generate(request.params.merge(JSON.parse(response.body)))]]
+ client = Net::Hippie::Client.new
+ response = client.with_retry do |x|
+ client.post(
+ "http://#{$idp_host}/oauth/token",
+ headers: { 'Authorization' => Net::Hippie.basic_auth('client_id', 'secret') },
+ body: {
+ grant_type: "authorization_code",
+ code: request.params['code'],
+ code_verifier: "not_implemented"
+ }
+ )
+ end
+ if response.code.to_i == 200
+ [200, { "Content-Type" => "application/json" }, [JSON.pretty_generate(
+ request.params.merge(JSON.parse(response.body))
+ )]]
+ else
+ [response.code, response.header, [response.body]]
+ end
 end
 
 def saml_post_to_idp(request) |
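Review bot: The logger added at the top of the file is pinned to `level: :debug` on `$stdout`, and the same process sends the client's Basic credentials and the authorization code to `/oauth/token` in the second hunk. What Net::Hippie writes at debug level is not visible here, but if it includes request or response detail, the client secret, authorization codes and issued tokens would end up in the process output. I would read the level from the environment and default to a quieter one, e.g. `Net::Hippie.logger = Logger.new($stdout, level: ENV.fetch("LOG_LEVEL", "info"))` (`LOG_LEVEL` is only a suggested name), with a comment noting that debug output may contain credentials.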
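Review bot: The new `else` branch returns `[response.code, response.header, [response.body]]`, which relays the IdP's reply to the browser unfiltered: assuming this is a Net::HTTP response (as `.code.to_i` suggests), `response.code` is a String where Rack expects an Integer status, and `response.header` is the response object rather than a plain headers hash, so any cookies or hop-by-hop headers the IdP set are passed on under the UI's origin. Build the tuple explicitly instead, e.g. `[response.code.to_i, { "Content-Type" => response["content-type"] || "application/json" }, [response.body]]`. Separately, `with_retry` wraps a POST that redeems a single-use authorization code; which failures it retries is not visible here, but a retry after the IdP has already consumed the code will be rejected and can look like code replay to the server, so I would not retry this call (the block argument `x` is also unused). `oauth_callback` lies fully inside the hunk; the rest of `class UI` does not.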
