api: tentatively make auth_nonce optional after token refresh
parent
41fd939d30
commit
5bdf04cbb6
1 changed files with 5 additions and 4 deletions
|
|
@ -4,6 +4,7 @@ from datetime import datetime, UTC, timedelta
|
|||
from fastapi import Request, Depends, Response
|
||||
from simple_openid_connect.data import TokenSuccessResponse
|
||||
from simple_openid_connect.client import OpenidClient
|
||||
from simple_openid_connect.exceptions import ValidationError
|
||||
|
||||
from dooris_api import models, exceptions
|
||||
from dooris_api.ccujack import CCUJackClient
|
||||
|
|
@ -24,19 +25,19 @@ async def get_current_user(
|
|||
) -> Optional[models.CurrentUser]:
|
||||
# easiest case: we still have an access token (which is the most fleeting component)
|
||||
# everything else should still be valid so we can just use it
|
||||
if all(i in req.cookies for i in ("access_token", "id_token", "auth_nonce")):
|
||||
if all(i in req.cookies for i in ("access_token", "id_token")):
|
||||
logger.debug(
|
||||
"user is fully authenticated, returning current user from existing id_token"
|
||||
)
|
||||
id_token = oidc_client.decode_id_token(
|
||||
req.cookies["id_token"], nonce=req.cookies["auth_nonce"]
|
||||
req.cookies["id_token"], nonce=req.cookies.get("auth_nonce", None),
|
||||
)
|
||||
return models.CurrentUser(
|
||||
id_token=id_token, raw_id_token=req.cookies["id_token"]
|
||||
)
|
||||
|
||||
# if we have a refresh token, try to get new tokens
|
||||
elif all(i in req.cookies for i in ("refresh_token", "auth_nonce")):
|
||||
elif all(i in req.cookies for i in ("refresh_token",)):
|
||||
logger.debug(
|
||||
"user has been previously authenticated, trying to recover with refresh_token"
|
||||
)
|
||||
|
|
@ -44,7 +45,7 @@ async def get_current_user(
|
|||
token_resp = oidc_client.exchange_refresh_token(req.cookies["refresh_token"])
|
||||
if isinstance(token_resp, TokenSuccessResponse):
|
||||
logger.debug("successfully got new tokens from refresh token")
|
||||
persist_auth_state(oidc_client, resp, token_resp, auth_start_time, req.cookies["auth_nonce"])
|
||||
persist_auth_state(oidc_client, resp, token_resp, auth_start_time, None)
|
||||
|
||||
# return the newly gotten info
|
||||
id_token = oidc_client.decode_id_token(token_resp.id_token)
|
||||
|
|
|
|||
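Review bot: In the first branch of get_current_user the `auth_nonce` cookie is no longer required and `decode_id_token` receives `nonce=req.cookies.get("auth_nonce", None)`, so for every request (not only after a refresh) the nonce check depends on how the library treats `nonce=None`. If it skips the comparison, an id_token from the interactive login is accepted without its nonce binding whenever the cookie is missing; if it rejects tokens that carry a nonce claim, those sessions fail validation instead. This is worth confirming against simple_openid_connect and pinning with a test for both cases. The refresh path now passes `None` to `persist_auth_state`, whose body is not on this page; it presumably has to clear any stale `auth_nonce` cookie, otherwise the next request would check the refreshed id_token against the old nonce. I would also record the intent next to the check, e.g. `# auth_nonce may be absent after a token refresh; nonce=None is passed in that case`, and write the one-element `all(...)` as `elif "refresh_token" in req.cookies:`; the function starts and ends outside the visible hunks.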