🔥 Amazon PKCE 中的 code_verifier 基于 state 缓存

yadong.zhang 2024-08-04 23:28:55 +08:00
parent b01704ff78
commit 6859b8a949


@ -50,15 +50,16 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
*/ */
@Override @Override
public String authorize(String state) { public String authorize(String state) {
String realState = getRealState(state);
UrlBuilder builder = UrlBuilder.fromBaseUrl(source.authorize()) UrlBuilder builder = UrlBuilder.fromBaseUrl(source.authorize())
.queryParam("client_id", config.getClientId()) .queryParam("client_id", config.getClientId())
.queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthAmazonScope.values()))) .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthAmazonScope.values())))
.queryParam("redirect_uri", config.getRedirectUri()) .queryParam("redirect_uri", config.getRedirectUri())
.queryParam("response_type", "code") .queryParam("response_type", "code")
.queryParam("state", getRealState(state)); .queryParam("state", realState);
if (config.isPkce()) { if (config.isPkce()) {
String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId()); String cacheKey = this.source.getName().concat(":code_verifier:").concat(realState);
String codeVerifier = PkceUtil.generateCodeVerifier(); String codeVerifier = PkceUtil.generateCodeVerifier();
String codeChallengeMethod = "S256"; String codeChallengeMethod = "S256";
String codeChallenge = PkceUtil.generateCodeChallenge(codeChallengeMethod, codeVerifier); String codeChallenge = PkceUtil.generateCodeChallenge(codeChallengeMethod, codeVerifier);
@ -86,7 +87,7 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
form.put("client_secret", config.getClientSecret()); form.put("client_secret", config.getClientSecret());
if (config.isPkce()) { if (config.isPkce()) {
String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId()); String cacheKey = this.source.getName().concat(":code_verifier:").concat(authCallback.getState());
String codeVerifier = this.authStateCache.get(cacheKey); String codeVerifier = this.authStateCache.get(cacheKey);
form.put("code_verifier", codeVerifier); form.put("code_verifier", codeVerifier);
} }
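Review bot: In the token-exchange hunk the `code_verifier` is now looked up under `authCallback.getState()`, a value taken from the callback request, and the result of `this.authStateCache.get(cacheKey)` goes into the form without a null check. If the state is unknown or the cache entry has expired, the request is sent with a null `code_verifier` and the failure only surfaces as a provider-side error; I would fail locally first, e.g. `if (codeVerifier == null) { throw new AuthException("code_verifier not found for state"); }`. The hunk also does not show the entry being invalidated after use; if nothing outside the hunk does that, the verifier stays readable until it expires, so consider making it single-use. Both methods start and end outside the visible hunks, so whether the state is validated before this lookup could not be checked here.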