paulononato/backstage
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

auth-backend: Encode the OAuth state param using URL safe chars (#3281)

Browse Source
This commit is contained in:
Fredrik Adelöw
2020-11-12 11:43:35 +01:00
committed by GitHub
parent d5a2bf9296
commit 4628763998
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.changeset/tidy-bobcats-prove.md
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend': patch
---
Encode the OAuth state parameter using URL safe chars only, so that providers have an easier time forming the callback URL.
plugins/auth-backend/src/lib/oauth/helpers.ts
+2 -2
View File
@@ -19,7 +19,7 @@ import { OAuthState } from './types';
export const readState = (stateString: string): OAuthState => {
const state = Object.fromEntries(
new URLSearchParams(decodeURIComponent(stateString)),
new URLSearchParams(Buffer.from(stateString, 'hex').toString('utf-8')),
);
if (
!state.nonce ||
@@ -40,7 +40,7 @@ export const encodeState = (state: OAuthState): string => {
searchParams.append('nonce', state.nonce);
searchParams.append('env', state.env);
return encodeURIComponent(searchParams.toString());
return Buffer.from(searchParams.toString(), 'utf-8').toString('hex');
};
export const verifyNonce = (req: express.Request, providerId: string) => {