Set attributes earlier in the flow if possible
niwsa committed Dec 20, 2024
1 parent 348a5b7 commit 2676774
Showing 1 changed file with 6 additions and 4 deletions.
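--- a/npm/src/controller/oauth.ts
+++ b/npm/src/controller/oauth.ts
@@ -189,6 +189,7 @@ export class OAuthController implements IOAuthController {
 // First we check if it's a federated connection
 if (client_id.startsWith(`${clientIDFederatedPrefix}${clientIDOIDCPrefix}`)) {
 isOIDCFederated = true;
+protocol = 'OIDC Federation';
 fedApp = await this.idFedApp.get({
 id: client_id.replace(clientIDFederatedPrefix, ''),
 });
@@ -232,6 +233,10 @@ export class OAuthController implements IOAuthController {
 throw new JacksonError('IdP connection not found.', 403);
 }
 
+connectionIsSAML = 'idpMetadata' in connection && connection.idpMetadata !== undefined;
+connectionIsOIDC = 'oidcProvider' in connection && connection.oidcProvider !== undefined;
+protocol = isOIDCFederated ? 'OIDC Federation' : connectionIsSAML ? 'SAML' : 'OIDC';
+
 if (!allowed.redirect(redirect_uri, connection.redirectUrl as string[])) {
 if (fedApp) {
 if (!allowed.redirect(redirect_uri, fedApp.redirectUrl as string[])) {
@@ -245,9 +250,6 @@ export class OAuthController implements IOAuthController {
 if (!isConnectionActive(connection)) {
 throw new JacksonError('SSO connection is deactivated. Please contact your administrator.', 403);
 }
-connectionIsSAML = 'idpMetadata' in connection && connection.idpMetadata !== undefined;
-connectionIsOIDC = 'oidcProvider' in connection && connection.oidcProvider !== undefined;
-protocol = isOIDCFederated ? 'OIDC Federation' : connectionIsSAML ? 'SAML' : 'OIDC';
 } catch (err: unknown) {
 const error_description = getErrorMessage(err);
 metrics.increment('oauthAuthorizeError', {
@@ -644,6 +646,7 @@ export class OAuthController implements IOAuthController {
 );
 }
 
+login_type = isIdPFlow ? 'idp-initiated' : 'sp-initiated';
 sessionId = RelayState.replace(relayStatePrefix, '');
 
 if (!issuer) {
@@ -671,7 +674,6 @@ export class OAuthController implements IOAuthController {
 isOIDCFederated = session && 'oidcFederated' in session;
 const isSPFlow = !isIdPFlow && !isSAMLFederated;
 protocol = isOIDCFederated ? 'OIDC Federation' : isSAMLFederated ? 'SAML Federation' : 'SAML';
-login_type = isIdPFlow ? 'idp-initiated' : 'sp-initiated';
 // IdP initiated SSO flow
 if (isIdPFlow) {
 const response = await this.ssoHandler.resolveConnection({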
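Review bot: In the authorize path, failures raised before the connection is resolved, such as the `IdP connection not found.` 403 just above the moved assignments, still reach the `oauthAuthorizeError` metric in the catch block with `protocol` unset (assuming that metric is tagged with `protocol`), because only the OIDC-federated branch sets it early. Those rejected lookups are the events most useful for spotting client or tenant probing, so a stable label would help; giving `protocol` a default such as `'unknown'` at its declaration would cover them, though the declaration is outside these hunks and may already do this. The moved block would also benefit from a comment like `// Set before the redirect and active-connection checks so the error metric in catch is labelled`, so a later cleanup does not move it back. In the SAML response hunk, `login_type` is now derived before the session lookup; if `isIdPFlow` is computed from `RelayState`, the label reflects caller-supplied input and should be read as a hint when triaging failures. Both methods start and end outside the visible hunks.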
