diff --git a/frontend/src/helpers/redirectToProvider.ts b/frontend/src/helpers/redirectToProvider.ts
index 00f063aa0..79ad9e128 100644
--- a/frontend/src/helpers/redirectToProvider.ts
+++ b/frontend/src/helpers/redirectToProvider.ts
@@ -1,4 +1,5 @@
 import {createRandomID} from '@/helpers/randomId'
+import {generateCodeVerifier, generateCodeChallenge} from '@/helpers/pkce'
 import type {IProvider} from '@/types/IProvider'
 import {parseURL} from 'ufo'
@@ -9,17 +10,21 @@ export function getRedirectUrlFromCurrentFrontendPath(provider: IProvider): stri
 return `${url.protocol}//${url.host}/auth/openid/${provider.key}`
 }
-export const redirectToProvider = (provider: IProvider) => {
+export const redirectToProvider = async (provider: IProvider) => {
 const redirectUrl = getRedirectUrlFromCurrentFrontendPath(provider)
 const state = createRandomID(24)
 localStorage.setItem('state', state)
+ const codeVerifier = generateCodeVerifier()
+ const codeChallenge = await generateCodeChallenge(codeVerifier)
+ sessionStorage.setItem('pkceCodeVerifier', codeVerifier)
+
 let scope = 'openid email profile'
 if (provider.scope !== null){
 scope = provider.scope
 }
- window.location.href = `${provider.authUrl}?client_id=${provider.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+ window.location.href = `${provider.authUrl}?client_id=${provider.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}&code_challenge=${codeChallenge}&code_challenge_method=S256`
 }
 export const redirectToProviderOnLogout = (provider: IProvider) => {
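Review bot: In the second hunk `redirectToProvider` now awaits `generateCodeChallenge(codeVerifier)` before it navigates, and nothing handles a rejection, so a failure there leaves an unhandled promise and a login button that silently does nothing. The helper in `@/helpers/pkce` is not shown; if it relies on `crypto.subtle`, that API exists only in secure contexts, so an instance served over plain HTTP would presumably take this path — worth confirming, and the failure should be reported to the user rather than falling back to a request without the challenge. Because the signature changed from sync to async, callers outside this diff need to handle the returned promise; I would document that on the function, e.g. `/** Starts the OpenID redirect. Rejects if the PKCE challenge cannot be computed; callers must handle the rejection. */`. The verifier is written to `sessionStorage` while `state` stays in `localStorage`, so the two values of one login attempt have different lifetimes and tab scope; keeping both in `sessionStorage` and removing `pkceCodeVerifier` once the code has been exchanged would make the callback's checks consistent. The parameters are also interpolated unencoded (the default `scope` contains spaces), which `new URLSearchParams({...})` would take care of.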